Import of pkgsrc-2015Q3

sysutils/xenkernel42/Makefile

@@ -1,9 +1,9 @@
-# $NetBSD: Makefile,v 1.16 2015/06/05 18:18:41 khorben Exp $
+# $NetBSD: Makefile,v 1.17 2015/08/23 16:17:12 spz Exp $
 
 VERSION=	4.2.5
 DISTNAME=	xen-${VERSION}
 PKGNAME=	xenkernel42-${VERSION}
-PKGREVISION=	7
+PKGREVISION=	8
 CATEGORIES=	sysutils
 MASTER_SITES=	http://bits.xensource.com/oss-xen/release/${VERSION}/
 

sysutils/xenkernel42/distinfo

@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.14 2015/06/05 18:18:41 khorben Exp $
+$NetBSD: distinfo,v 1.16 2015/09/14 13:36:29 joerg Exp $
 
 SHA1 (xen-4.2.5.tar.gz) = f42741e4ec174495ace70c4b17a6b9b0e60e798a
 RMD160 (xen-4.2.5.tar.gz) = 7d4f7f1b32ee541d341a756b1f8da02816438d19
@@ -13,7 +13,10 @@ SHA1 (patch-CVE-2015-2045) = f70839fabd4ef9086c8fb808e4f3448a8e844c98
 SHA1 (patch-CVE-2015-2151) = df05750b86331b88102b41f065c314c38c6bc396
 SHA1 (patch-CVE-2015-2752) = 62547b55385aaf54af23270939fe086b996d5744
 SHA1 (patch-CVE-2015-2756) = cb1be46c28e6f88c13fc0d26ff0606bdb877283c
+SHA1 (patch-CVE-2015-3340) = 9ff5e766c9e5e3358d8a896f805babc8fb9a41c4
 SHA1 (patch-CVE-2015-3456) = 8d54d33b81ef77056aa6f58ab123912948454020
+SHA1 (patch-CVE-2015-4163) = d8c9b95026c2316bfb57f644937fdb924902a3bf
+SHA1 (patch-CVE-2015-4164) = 9f9add821c4a13308fa4bfa1becd1b0d8fda6177
 SHA1 (patch-Config.mk) = a43ed1b3304d6383dc093acd128a7f373d0ca266
 SHA1 (patch-xen_Makefile) = e0d1b74518b9675ddc64295d1523ded9a8757c0a
 SHA1 (patch-xen_arch_x86_Rules.mk) = 6b9b4bfa28924f7d3f6c793a389f1a7ac9d228e2
@@ -21,6 +24,7 @@ SHA1 (patch-xen_arch_x86_hvm_hvm.c) = b6bac1d466ba5bc276bc3aea9d4c9df37f2b9b0f
 SHA1 (patch-xen_arch_x86_mm_shadow_common.c) = 89dce860cc6aef7d0ec31f3137616b592490e60a
 SHA1 (patch-xen_arch_x86_x86_emulate_x86_emulate.c) = 8b906e762c8f94a670398b4e033d50a2fb012f0a
 SHA1 (patch-xen_common_spinlock.c) = 06f06b5e9b098262ebaa8af0be4837005fb5b8b4
+SHA1 (patch-xen_drivers_passthrough_vtd_x86_ats.c) = 5ab0bb0d1fd63abf8ef8d1f073f83a5f1f9f159a
 SHA1 (patch-xen_include_asm-arm_spinlock.h) = fe2e35a5ebec4c551df5d1680c93e6ad19348d93
 SHA1 (patch-xen_include_asm-x86_atomic.h) = d406c6071ea3823c25113a801dd77ff32146d162
 SHA1 (patch-xen_include_asm-x86_spinlock.h) = fbaaf264e9aa4857635a81b63c4a77cba4bf560f

sysutils/xenkernel42/patches/patch-CVE-2015-3340

@@ -0,0 +1,29 @@
+$NetBSD: patch-CVE-2015-3340,v 1.1 2015/08/23 16:17:12 spz Exp $
+
+patch for CVE-2015-3340 aka XSA-132 from
+http://xenbits.xen.org/xsa/xsa132-4.2.patch
+
+--- xen/arch/x86/domctl.c.orig	2014-09-02 06:22:57.000000000 +0000
++++ xen/arch/x86/domctl.c
+@@ -1193,7 +1198,7 @@ long arch_do_domctl(
+     case XEN_DOMCTL_gettscinfo:
+     {
+         struct domain *d;
+-        xen_guest_tsc_info_t info;
++        xen_guest_tsc_info_t info = { 0 };
+ 
+         ret = -ESRCH;
+         d = rcu_lock_domain_by_id(domctl->domain);
+$NetBSD: patch-CVE-2015-3340,v 1.1 2015/08/23 16:17:12 spz Exp $
+
+--- xen/common/sysctl.c.orig	2014-09-02 06:22:57.000000000 +0000
++++ xen/common/sysctl.c
+@@ -95,7 +95,7 @@ long do_sysctl(XEN_GUEST_HANDLE(xen_sysc
+     case XEN_SYSCTL_getdomaininfolist:
+     { 
+         struct domain *d;
+-        struct xen_domctl_getdomaininfo info;
++        struct xen_domctl_getdomaininfo info = { 0 };
+         u32 num_domains = 0;
+ 
+         rcu_read_lock(&domlist_read_lock);

sysutils/xenkernel42/patches/patch-CVE-2015-4163

@@ -0,0 +1,17 @@
+$NetBSD: patch-CVE-2015-4163,v 1.1 2015/08/23 16:17:12 spz Exp $
+
+patch for CVE-2015-4163 aka XSA-134 from
+http://xenbits.xen.org/xsa/xsa134.patch
+
+--- xen/common/grant_table.c.orig	2014-09-02 06:22:57.000000000 +0000
++++ xen/common/grant_table.c
+@@ -2372,6 +2372,9 @@ __gnttab_swap_grant_ref(grant_ref_t ref_
+ 
+     spin_lock(&gt->lock);
+ 
++    if ( gt->gt_version == 0 )
++        PIN_FAIL(out, GNTST_general_error, "grant table not yet set up\n");
++
+     /* Bounds check on the grant refs */
+     if ( unlikely(ref_a >= nr_grant_entries(d->grant_table)))
+         PIN_FAIL(out, GNTST_bad_gntref, "Bad ref-a (%d).\n", ref_a);

sysutils/xenkernel42/patches/patch-CVE-2015-4164

@@ -0,0 +1,16 @@
+$NetBSD: patch-CVE-2015-4164,v 1.1 2015/08/23 16:17:12 spz Exp $
+
+patch for CVE-2015-4164 aka XSA-136 from
+http://xenbits.xen.org/xsa/xsa136.patch
+
+--- xen/arch/x86/x86_64/compat/traps.c.orig	2014-09-02 06:22:57.000000000 +0000
++++ xen/arch/x86/x86_64/compat/traps.c
+@@ -114,7 +114,7 @@ unsigned int compat_iret(void)
+         }
+         else if ( ksp > regs->_esp )
+         {
+-            for (i = 9; i > 0; ++i)
++            for ( i = 9; i > 0; --i )
+             {
+                 rc |= __get_user(x, (u32 *)regs->rsp + i);
+                 rc |= __put_user(x, (u32 *)(unsigned long)ksp + i);

sysutils/xenkernel42/patches/patch-xen_drivers_passthrough_vtd_x86_ats.c

@@ -0,0 +1,22 @@
+$NetBSD: patch-xen_drivers_passthrough_vtd_x86_ats.c,v 1.1 2015/09/14 13:36:29 joerg Exp $
+
+--- xen/drivers/passthrough/vtd/x86/ats.c.orig	2014-09-02 06:22:57.000000000 +0000
++++ xen/drivers/passthrough/vtd/x86/ats.c
+@@ -134,7 +134,7 @@ int dev_invalidate_iotlb(struct iommu *i
+         case DMA_TLB_GLOBAL_FLUSH:
+             /* invalidate all translations: sbit=1,bit_63=0,bit[62:12]=1 */
+             sbit = 1;
+-            addr = (~0 << PAGE_SHIFT_4K) & 0x7FFFFFFFFFFFFFFF;
++            addr = (~0ULL << PAGE_SHIFT_4K) & 0x7FFFFFFFFFFFFFFF;
+             rc = qinval_device_iotlb(iommu, pdev->ats_queue_depth,
+                                      sid, sbit, addr);
+             break;
+@@ -146,7 +146,7 @@ int dev_invalidate_iotlb(struct iommu *i
+             sbit = size_order ? 1 : 0;
+ 
+             /* clear lower bits */
+-            addr &= ~0 << PAGE_SHIFT_4K;
++            addr &= ~0ULL << PAGE_SHIFT_4K;
+ 
+             /* if sbit == 1, zero out size_order bit and set lower bits to 1 */
+             if ( sbit )