pkgsrc-Changes-HG archive
[pkgsrc/pkgsrc-2017Q4]: pkgsrc/sysutils Pullup ticket #5693 - requested by bo...
details: https://anonhg.NetBSD.org/pkgsrc/rev/f5e1874debc4
branches: pkgsrc-2017Q4
changeset: 373126:f5e1874debc4
user: bsiegert <bsiegert%pkgsrc.org@localhost>
date: Sun Jan 28 15:23:24 2018 +0000
description:
Pullup ticket #5693 - requested by bouyer
sysutils/xenkernel48: security fix
sysutils/xentools48: security fix
Revisions pulled up:
- sysutils/xenkernel48/Makefile 1.12
- sysutils/xenkernel48/distinfo 1.6
- sysutils/xenkernel48/patches/patch-XSA231 deleted
- sysutils/xenkernel48/patches/patch-XSA232 deleted
- sysutils/xenkernel48/patches/patch-XSA234 deleted
- sysutils/xenkernel48/patches/patch-XSA237 deleted
- sysutils/xenkernel48/patches/patch-XSA238 deleted
- sysutils/xenkernel48/patches/patch-XSA239 deleted
- sysutils/xenkernel48/patches/patch-XSA240 deleted
- sysutils/xenkernel48/patches/patch-XSA241 deleted
- sysutils/xenkernel48/patches/patch-XSA242 deleted
- sysutils/xenkernel48/patches/patch-XSA243 deleted
- sysutils/xenkernel48/patches/patch-XSA244 deleted
- sysutils/xenkernel48/patches/patch-XSA246 deleted
- sysutils/xenkernel48/patches/patch-XSA247 deleted
- sysutils/xenkernel48/patches/patch-XSA248 deleted
- sysutils/xenkernel48/patches/patch-XSA249 deleted
- sysutils/xenkernel48/patches/patch-XSA250 deleted
- sysutils/xenkernel48/patches/patch-XSA251 deleted
- sysutils/xenkernel48/patches/patch-XSA254-1 deleted
- sysutils/xenkernel48/patches/patch-XSA254-2 deleted
- sysutils/xenkernel48/patches/patch-XSA254-3 deleted
- sysutils/xenkernel48/patches/patch-XSA254-4 deleted
- sysutils/xentools48/Makefile 1.16
- sysutils/xentools48/distinfo 1.7-1.8
- sysutils/xentools48/patches/patch-XSA233 deleted
- sysutils/xentools48/patches/patch-XSA240 deleted
---
Module Name: pkgsrc
Committed By: bouyer
Date: Wed Jan 24 23:29:33 UTC 2018
Modified Files:
pkgsrc/sysutils/xenkernel48: Makefile distinfo
pkgsrc/sysutils/xentools48: Makefile distinfo
Removed Files:
pkgsrc/sysutils/xenkernel48/patches: patch-XSA231 patch-XSA232
patch-XSA234 patch-XSA237 patch-XSA238 patch-XSA239 patch-XSA240
patch-XSA241 patch-XSA242 patch-XSA243 patch-XSA244 patch-XSA246
patch-XSA247 patch-XSA248 patch-XSA249 patch-XSA250 patch-XSA251
patch-XSA254-1 patch-XSA254-2 patch-XSA254-3 patch-XSA254-4
pkgsrc/sysutils/xentools48/patches: patch-XSA233 patch-XSA240
Log Message:
Update xen 4.8 packages to 4.8.3. Changes since 4.8.2: include patches from
all security advisories up to and including XSA254.
While there pass XEN_VENDORVERSION=nb${PKGREVISION} to make so that
'xl info' shows the NetBSD PKGREVISION. If PKGREVISION is not available,
define this as 'nb0'.
---
Module Name: pkgsrc
Committed By: bouyer
Date: Sat Jan 27 16:44:40 UTC 2018
Modified Files:
pkgsrc/sysutils/xentools48: distinfo
Log Message:
Remove entries for patch-XSA233 and patch-XSA240 which have been deleted.
diffstat:
sysutils/xenkernel48/Makefile | 10 +-
sysutils/xenkernel48/distinfo | 27 +-
sysutils/xenkernel48/patches/patch-XSA231 | 110 ----
sysutils/xenkernel48/patches/patch-XSA232 | 25 -
sysutils/xenkernel48/patches/patch-XSA234 | 187 --------
sysutils/xenkernel48/patches/patch-XSA237 | 311 --------------
sysutils/xenkernel48/patches/patch-XSA238 | 47 --
sysutils/xenkernel48/patches/patch-XSA239 | 48 --
sysutils/xenkernel48/patches/patch-XSA240 | 665 ------------------------------
sysutils/xenkernel48/patches/patch-XSA241 | 104 ----
sysutils/xenkernel48/patches/patch-XSA242 | 45 --
sysutils/xenkernel48/patches/patch-XSA243 | 95 ----
sysutils/xenkernel48/patches/patch-XSA244 | 61 --
sysutils/xenkernel48/patches/patch-XSA246 | 76 ---
sysutils/xenkernel48/patches/patch-XSA247 | 287 ------------
sysutils/xenkernel48/patches/patch-XSA248 | 164 -------
sysutils/xenkernel48/patches/patch-XSA249 | 44 -
sysutils/xenkernel48/patches/patch-XSA250 | 69 ---
sysutils/xenkernel48/patches/patch-XSA251 | 23 -
sysutils/xentools48/Makefile | 5 +-
sysutils/xentools48/distinfo | 12 +-
sysutils/xentools48/patches/patch-XSA233 | 54 --
sysutils/xentools48/patches/patch-XSA240 | 56 --
23 files changed, 19 insertions(+), 2506 deletions(-)
diffs (truncated from 2663 to 300 lines):
diff -r aaa23be43d23 -r f5e1874debc4 sysutils/xenkernel48/Makefile
--- a/sysutils/xenkernel48/Makefile Sun Jan 28 12:36:21 2018 +0000
+++ b/sysutils/xenkernel48/Makefile Sun Jan 28 15:23:24 2018 +0000
@@ -1,9 +1,8 @@
-# $NetBSD: Makefile,v 1.9 2017/12/15 14:02:15 bouyer Exp $
+# $NetBSD: Makefile,v 1.9.2.1 2018/01/28 15:23:24 bsiegert Exp $
-VERSION= 4.8.2
+VERSION= 4.8.3
DISTNAME= xen-${VERSION}
PKGNAME= xenkernel48-${VERSION}
-PKGREVISION= 2
CATEGORIES= sysutils
MASTER_SITES= https://downloads.xenproject.org/release/xen/${VERSION}/
DIST_SUBDIR= xen48
@@ -26,6 +25,11 @@
PYTHON_VERSIONS_INCOMPATIBLE= 34 35 36
MAKE_ENV+= OCAML_TOOLS=no
+.if defined(PKGREVISION) && !empty(PKGREVISION) && (${PKGREVISION} != "0")
+MAKE_ENV+= XEN_VENDORVERSION=nb${PKGREVISION}
+.else
+MAKE_ENV+= XEN_VENDORVERSION=nb0
+.endif
INSTALLATION_DIRS= xen48-kernel
XENKERNELDIR= ${PREFIX}/${INSTALLATION_DIRS}
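Review bot: The new `.if`/`.else` block that sets XEN_VENDORVERSION carries no comment saying why it is there, so a later maintainer has no hint that it feeds the version string operators read from 'xl info' when checking which patched build a host runs. I would add above the `.if` a line such as `# Pass the pkgsrc revision to the Xen build so 'xl info' identifies the packaged build.` The third clause `(${PKGREVISION} != "0")` also looks redundant, since a PKGREVISION of 0 would expand to `nb0` in the first branch, the same value the `.else` branch sets. Because the first hunk of this file drops `PKGREVISION= 2`, this build presumably takes the `.else` branch and reports `nb0` unless PKGREVISION is set elsewhere.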
diff -r aaa23be43d23 -r f5e1874debc4 sysutils/xenkernel48/distinfo
--- a/sysutils/xenkernel48/distinfo Sun Jan 28 12:36:21 2018 +0000
+++ b/sysutils/xenkernel48/distinfo Sun Jan 28 15:23:24 2018 +0000
@@ -1,27 +1,10 @@
-$NetBSD: distinfo,v 1.4 2017/12/15 14:02:15 bouyer Exp $
+$NetBSD: distinfo,v 1.4.2.1 2018/01/28 15:23:24 bsiegert Exp $
-SHA1 (xen48/xen-4.8.2.tar.gz) = 184c57ce9e71e34b3cbdd318524021f44946efbe
-RMD160 (xen48/xen-4.8.2.tar.gz) = f4126cb0f7ff427ed7d20ce399dcd1077c599343
-SHA512 (xen48/xen-4.8.2.tar.gz) = 7805531f73d23ecfff3439770e62d387f4254a444875670d53a0a739323e5d4d8f8fcc478f8936ee1ae8aff3e0229549e47c01c606365a8ce060dd5c503e87da
-Size (xen48/xen-4.8.2.tar.gz) = 22522336 bytes
+SHA1 (xen48/xen-4.8.3.tar.gz) = ee55e8dc1e79d16d2f85fbe1f8bbd27a2db8422f
+RMD160 (xen48/xen-4.8.3.tar.gz) = 54b7ba828d8198c2a4629eabf7acfba2e9c6561c
+SHA512 (xen48/xen-4.8.3.tar.gz) = 584d8ee6e432e291a70e8f727da6d0a71afff7509fbf2e32eeb9cfe58b8279a80770c2c5f7759dcb5c0b08ed4644039e770e280ab534673215753d598f3f6508
+Size (xen48/xen-4.8.3.tar.gz) = 22529092 bytes
SHA1 (patch-Config.mk) = abf55aa58792315e758ee3785a763cfa8c2da68f
-SHA1 (patch-XSA231) = fc249a68ea53064ff7d95f24380f66f3fc3393e7
-SHA1 (patch-XSA232) = 86d633941ac3165ca4034db660a48d60384ea252
-SHA1 (patch-XSA234) = acf4170a410d9f314c0cc0c5c092db6bb6cc69a0
-SHA1 (patch-XSA237) = 3125554b155bd650480934a37d89d1a7471dfb20
-SHA1 (patch-XSA238) = 58b6fcb73d314d7f06256ed3769210e49197aa90
-SHA1 (patch-XSA239) = 10619718e8a1536a7f52eb3838cdb490e6ba8c97
-SHA1 (patch-XSA240) = 77b398914ca79da6cd6abf34674d5476b6d3bcba
-SHA1 (patch-XSA241) = 351395135fcd30b7ba35e84a64bf6348214d4fa6
-SHA1 (patch-XSA242) = 77e224f927818adb77b8ef10329fd886ece62835
-SHA1 (patch-XSA243) = 75eef49628bc0b3bd4fe8b023cb2da75928103a7
-SHA1 (patch-XSA244) = 2739ff8a920630088853a9076f71ca2caf639320
-SHA1 (patch-XSA246) = b48433ee2213340d1bd3c810ea3e5c6de7890fd7
-SHA1 (patch-XSA247) = b92c4a7528ebd121ba2700610589df6fff40cbbf
-SHA1 (patch-XSA248) = d5787fa7fc48449ca90200811b66cb6278c750aa
-SHA1 (patch-XSA249) = 7037a35f37eb866f16fe90482e66d0eca95944c4
-SHA1 (patch-XSA250) = 25ab2e8c67ebe2b40cf073197c17f1625f5581f6
-SHA1 (patch-XSA251) = dc0786c85bcfbdd3f7a1c97a3af32c10deea8276
SHA1 (patch-xen_Makefile) = be3f4577a205b23187b91319f91c50720919f70b
SHA1 (patch-xen_Rules.mk) = 5f33a667bae67c85d997a968c0f8b014b707d13c
SHA1 (patch-xen_arch_x86_Rules.mk) = e2d148fb308c37c047ca41a678471217b6166977
diff -r aaa23be43d23 -r f5e1874debc4 sysutils/xenkernel48/patches/patch-XSA231
--- a/sysutils/xenkernel48/patches/patch-XSA231 Sun Jan 28 12:36:21 2018 +0000
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,110 +0,0 @@
-$NetBSD: patch-XSA231,v 1.1 2017/10/17 08:42:30 bouyer Exp $
-
-From: George Dunlap <george.dunlap%citrix.com@localhost>
-Subject: xen/mm: make sure node is less than MAX_NUMNODES
-
-The output of MEMF_get_node(memflags) can be as large as nodeid_t can
-hold (currently 255). This is then used as an index to arrays of size
-MAX_NUMNODE, which is 64 on x86 and 1 on ARM, can be passed in by an
-untrusted guest (via memory_exchange and increase_reservation) and is
-not currently bounds-checked.
-
-Check the value in page_alloc.c before using it, and also check the
-value in the hypercall call sites and return -EINVAL if appropriate.
-Don't permit domains other than the hardware or control domain to
-allocate node-constrained memory.
-
-This is XSA-231.
-
-Reported-by: Matthew Daley <mattd%bugfuzz.com@localhost>
-Signed-off-by: George Dunlap <george.dunlap%citrix.com@localhost>
-Signed-off-by: Jan Beulich <jbeulich%suse.com@localhost>
-Reviewed-by: Andrew Cooper <andrew.cooper3%citrix.com@localhost>
-
---- xen/common/memory.c.orig
-+++ xen/common/memory.c
-@@ -411,6 +411,31 @@ static void decrease_reservation(struct
- a->nr_done = i;
- }
-
-+static bool propagate_node(unsigned int xmf, unsigned int *memflags)
-+{
-+ const struct domain *currd = current->domain;
-+
-+ BUILD_BUG_ON(XENMEMF_get_node(0) != NUMA_NO_NODE);
-+ BUILD_BUG_ON(MEMF_get_node(0) != NUMA_NO_NODE);
-+
-+ if ( XENMEMF_get_node(xmf) == NUMA_NO_NODE )
-+ return true;
-+
-+ if ( is_hardware_domain(currd) || is_control_domain(currd) )
-+ {
-+ if ( XENMEMF_get_node(xmf) >= MAX_NUMNODES )
-+ return false;
-+
-+ *memflags |= MEMF_node(XENMEMF_get_node(xmf));
-+ if ( xmf & XENMEMF_exact_node_request )
-+ *memflags |= MEMF_exact_node;
-+ }
-+ else if ( xmf & XENMEMF_exact_node_request )
-+ return false;
-+
-+ return true;
-+}
-+
- static long memory_exchange(XEN_GUEST_HANDLE_PARAM(xen_memory_exchange_t) arg)
- {
- struct xen_memory_exchange exch;
-@@ -483,6 +508,12 @@ static long memory_exchange(XEN_GUEST_HA
- }
- }
-
-+ if ( unlikely(!propagate_node(exch.out.mem_flags, &memflags)) )
-+ {
-+ rc = -EINVAL;
-+ goto fail_early;
-+ }
-+
- d = rcu_lock_domain_by_any_id(exch.in.domid);
- if ( d == NULL )
- {
-@@ -501,7 +532,6 @@ static long memory_exchange(XEN_GUEST_HA
- d,
- XENMEMF_get_address_bits(exch.out.mem_flags) ? :
- (BITS_PER_LONG+PAGE_SHIFT)));
-- memflags |= MEMF_node(XENMEMF_get_node(exch.out.mem_flags));
-
- for ( i = (exch.nr_exchanged >> in_chunk_order);
- i < (exch.in.nr_extents >> in_chunk_order);
-@@ -864,12 +894,8 @@ static int construct_memop_from_reservat
- }
- read_unlock(&d->vnuma_rwlock);
- }
-- else
-- {
-- a->memflags |= MEMF_node(XENMEMF_get_node(r->mem_flags));
-- if ( r->mem_flags & XENMEMF_exact_node_request )
-- a->memflags |= MEMF_exact_node;
-- }
-+ else if ( unlikely(!propagate_node(r->mem_flags, &a->memflags)) )
-+ return -EINVAL;
-
- return 0;
- }
---- xen/common/page_alloc.c.orig
-+++ xen/common/page_alloc.c
-@@ -706,9 +706,13 @@ static struct page_info *alloc_heap_page
- if ( node >= MAX_NUMNODES )
- node = cpu_to_node(smp_processor_id());
- }
-+ else if ( unlikely(node >= MAX_NUMNODES) )
-+ {
-+ ASSERT_UNREACHABLE();
-+ return NULL;
-+ }
- first_node = node;
-
-- ASSERT(node < MAX_NUMNODES);
- ASSERT(zone_lo <= zone_hi);
- ASSERT(zone_hi < NR_ZONES);
-
diff -r aaa23be43d23 -r f5e1874debc4 sysutils/xenkernel48/patches/patch-XSA232
--- a/sysutils/xenkernel48/patches/patch-XSA232 Sun Jan 28 12:36:21 2018 +0000
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,25 +0,0 @@
-$NetBSD: patch-XSA232,v 1.1 2017/10/17 08:42:30 bouyer Exp $
-
-From: Andrew Cooper <andrew.cooper3%citrix.com@localhost>
-Subject: grant_table: fix GNTTABOP_cache_flush handling
-
-Don't fall over a NULL grant_table pointer when the owner of the domain
-is a system domain (DOMID_{XEN,IO} etc).
-
-This is XSA-232.
-
-Reported-by: Matthew Daley <mattd%bugfuzz.com@localhost>
-Signed-off-by: Andrew Cooper <andrew.cooper3%citrix.com@localhost>
-Reviewed-by: Jan Beulich <jbeulich%suse.com@localhost>
-
---- xen/common/grant_table.c.orig
-+++ xen/common/grant_table.c
-@@ -3053,7 +3053,7 @@ static int cache_flush(gnttab_cache_flus
-
- page = mfn_to_page(mfn);
- owner = page_get_owner_and_reference(page);
-- if ( !owner )
-+ if ( !owner || !owner->grant_table )
- {
- rcu_unlock_domain(d);
- return -EPERM;
diff -r aaa23be43d23 -r f5e1874debc4 sysutils/xenkernel48/patches/patch-XSA234
--- a/sysutils/xenkernel48/patches/patch-XSA234 Sun Jan 28 12:36:21 2018 +0000
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,187 +0,0 @@
-$NetBSD: patch-XSA234,v 1.1 2017/10/17 08:42:30 bouyer Exp $
-
-From: Jan Beulich <jbeulich%suse.com@localhost>
-Subject: gnttab: also validate PTE permissions upon destroy/replace
-
-In order for PTE handling to match up with the reference counting done
-by common code, presence and writability of grant mapping PTEs must
-also be taken into account; validating just the frame number is not
-enough. This is in particular relevant if a guest fiddles with grant
-PTEs via non-grant hypercalls.
-
-Note that the flags being passed to replace_grant_host_mapping()
-already happen to be those of the existing mapping, so no new function
-parameter is needed.
-
-This is XSA-234.
-
-Reported-by: Andrew Cooper <andrew.cooper3%citrix.com@localhost>
-Signed-off-by: Jan Beulich <jbeulich%suse.com@localhost>
-Reviewed-by: Andrew Cooper <andrew.cooper3%citrix.com@localhost>
-
---- xen/arch/x86/mm.c.orig
-+++ xen/arch/x86/mm.c
-@@ -4017,7 +4017,8 @@ static int create_grant_pte_mapping(
- }
-
- static int destroy_grant_pte_mapping(
-- uint64_t addr, unsigned long frame, struct domain *d)
-+ uint64_t addr, unsigned long frame, unsigned int grant_pte_flags,
-+ struct domain *d)
- {
- int rc = GNTST_okay;
- void *va;
-@@ -4063,16 +4064,27 @@ static int destroy_grant_pte_mapping(
-
- ol1e = *(l1_pgentry_t *)va;
-
-- /* Check that the virtual address supplied is actually mapped to frame. */
-- if ( unlikely(l1e_get_pfn(ol1e) != frame) )
-+ /*
-+ * Check that the PTE supplied actually maps frame (with appropriate
-+ * permissions).
-+ */
-+ if ( unlikely(l1e_get_pfn(ol1e) != frame) ||
-+ unlikely((l1e_get_flags(ol1e) ^ grant_pte_flags) &
-+ (_PAGE_PRESENT | _PAGE_RW)) )
- {
- page_unlock(page);
-- MEM_LOG("PTE entry %lx for address %"PRIx64" doesn't match frame %lx",
-- (unsigned long)l1e_get_intpte(ol1e), addr, frame);
-+ MEM_LOG("PTE %"PRIpte" at %"PRIx64" doesn't match grant (%"PRIpte")",
-+ l1e_get_intpte(ol1e), addr,
-+ l1e_get_intpte(l1e_from_pfn(frame, grant_pte_flags)));
- rc = GNTST_general_error;
- goto failed;
- }
-
-+ if ( unlikely((l1e_get_flags(ol1e) ^ grant_pte_flags) &
-+ ~(_PAGE_AVAIL | PAGE_CACHE_ATTRS)) )
-+ MEM_LOG("PTE flags %x at %"PRIx64" don't match grant (%x)\n",
-+ l1e_get_flags(ol1e), addr, grant_pte_flags);
-+
- /* Delete pagetable entry. */
- if ( unlikely(!UPDATE_ENTRY
- (l1,
-@@ -4081,7 +4093,7 @@ static int destroy_grant_pte_mapping(
- 0)) )
- {
- page_unlock(page);
-- MEM_LOG("Cannot delete PTE entry at %p", va);
-+ MEM_LOG("Cannot delete PTE entry at %"PRIx64, addr);
- rc = GNTST_general_error;
- goto failed;
- }
-@@ -4149,7 +4161,8 @@ static int create_grant_va_mapping(
- }
-
- static int replace_grant_va_mapping(
-- unsigned long addr, unsigned long frame, l1_pgentry_t nl1e, struct vcpu *v)
-+ unsigned long addr, unsigned long frame, unsigned int grant_pte_flags,
-+ l1_pgentry_t nl1e, struct vcpu *v)
- {
- l1_pgentry_t *pl1e, ol1e;
- unsigned long gl1mfn;
-@@ -4185,19 +4198,30 @@ static int replace_grant_va_mapping(
-
- ol1e = *pl1e;
-
-- /* Check that the virtual address supplied is actually mapped to frame. */
-- if ( unlikely(l1e_get_pfn(ol1e) != frame) )