Module Name: src
Committed By: snj
Date: Fri Jan 8 21:24:58 UTC 2016
Modified Files:
src/doc [netbsd-6-0]: CHANGES-6.0.7
Log Message:
1358
To generate a diff of this commit:
cvs rdiff -u -r1.1.2.55 -r1.1.2.56 src/doc/CHANGES-6.0.7
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/doc/CHANGES-6.0.7
diff -u src/doc/CHANGES-6.0.7:1.1.2.55 src/doc/CHANGES-6.0.7:1.1.2.56
--- src/doc/CHANGES-6.0.7:1.1.2.55 Wed Nov 18 07:45:00 2015
+++ src/doc/CHANGES-6.0.7 Fri Jan 8 21:24:58 2016
@@ -1,4 +1,4 @@
-# $NetBSD: CHANGES-6.0.7,v 1.1.2.55 2015/11/18 07:45:00 msaitoh Exp $
+# $NetBSD: CHANGES-6.0.7,v 1.1.2.56 2016/01/08 21:24:58 snj Exp $
A complete list of changes from the NetBSD 6.0.6 release to the NetBSD 6.0.7
release:
@@ -7098,3 +7098,20 @@ sys/net/if_gif.c 1.91, 1.92
duplicate pair address.
fix CID 980463
[knakahara, ticket #1345]
+
+sys/arch/xen/include/xen-public/io/ring.h 1.3 via patch
+sys/arch/xen/xen/pciback.c 1.10 via patch
+sys/arch/xen/xen/xbdback_xenbus.c 1.62 via patch
+sys/arch/xen/xen/xennetback_xenbus.c 1.54 via patch
+
+ Apply patch from xsa155: make sure that the backend won't read
+ parts of the request again (possibly because of compiler
+ optimisations), by using copies and barrier.
+ From XSA155:
+ The compiler can emit optimizations in the PV backend drivers
+ which can lead to double fetch vulnerabilities. Specifically
+ the shared memory between the frontend and backend can be fetched
+ twice (during which time the frontend can alter the contents)
+ possibly leading to arbitrary code execution in backend.
+ [bouyer, ticket #1358]
+
