pkgsrc-Changes-HG archive
[pkgsrc/trunk]: pkgsrc/sysutils/xenkernel45 add patches for XSAs 176, 180 and...
details: https://anonhg.NetBSD.org/pkgsrc/rev/b98b8c5a6c09
branches: trunk
changeset: 350799:b98b8c5a6c09
user: spz <spz%pkgsrc.org@localhost>
date: Sat Aug 06 10:10:10 2016 +0000
description:
add patches for XSAs 176, 180 and 181 from upstream
diffstat:
sysutils/xenkernel45/Makefile | 4 +-
sysutils/xenkernel45/distinfo | 5 +-
sysutils/xenkernel45/patches/patch-XSA-176 | 31 ++++++++++++++
sysutils/xenkernel45/patches/patch-XSA-180 | 66 ++++++++++++++++++++++++++++++
sysutils/xenkernel45/patches/patch-XSA-181 | 18 ++++++++
5 files changed, 121 insertions(+), 3 deletions(-)
diffs (161 lines):
diff -r 37119893b134 -r b98b8c5a6c09 sysutils/xenkernel45/Makefile
--- a/sysutils/xenkernel45/Makefile Sat Aug 06 09:40:07 2016 +0000
+++ b/sysutils/xenkernel45/Makefile Sat Aug 06 10:10:10 2016 +0000
@@ -1,9 +1,9 @@
-# $NetBSD: Makefile,v 1.19 2016/07/26 14:31:56 bouyer Exp $
+# $NetBSD: Makefile,v 1.20 2016/08/06 10:10:10 spz Exp $
VERSION= 4.5.3
DISTNAME= xen-${VERSION}
PKGNAME= xenkernel45-${VERSION}
-PKGREVISION= 1
+PKGREVISION= 2
CATEGORIES= sysutils
MASTER_SITES= http://bits.xensource.com/oss-xen/release/${VERSION}/
diff -r 37119893b134 -r b98b8c5a6c09 sysutils/xenkernel45/distinfo
--- a/sysutils/xenkernel45/distinfo Sat Aug 06 09:40:07 2016 +0000
+++ b/sysutils/xenkernel45/distinfo Sat Aug 06 10:10:10 2016 +0000
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.15 2016/07/26 14:31:56 bouyer Exp $
+$NetBSD: distinfo,v 1.16 2016/08/06 10:10:10 spz Exp $
SHA1 (xen-4.5.3.tar.gz) = 95d56c42642adcffe55dcf82a021d49115373108
RMD160 (xen-4.5.3.tar.gz) = 7ba586b20404e95308007663e87868c0ccc0e6f4
@@ -7,6 +7,9 @@
SHA1 (patch-Config.mk) = a2a104d023cea4e551a3ad40927d4884d6c610bf
SHA1 (patch-XSA-172) = ff4560534381d4d4c553170fbeb674f9361d9740
SHA1 (patch-XSA-173) = 0f6a2c4d9467713f3d969020f8fba62aa2f5297b
+SHA1 (patch-XSA-176) = 221ed0dce1a97e03c0f0cb216f5ffd13269fd162
+SHA1 (patch-XSA-180) = d50f2c7d4ae7bbc8d0ae892f7bdf4ca0ba867d1a
+SHA1 (patch-XSA-181) = 3fc00b9543d6bd834359a299c288839ad69f3fbb
SHA1 (patch-XSA-182) = 77dfd369df89a51355318e26e38837482f09996e
SHA1 (patch-XSA-183) = f2a6027ff71c32c16abeb1b17e3226b714a5f1f4
SHA1 (patch-xen_Makefile) = 750d0c8d4fea14d3ef3f872de5242a1f5104cbbe
diff -r 37119893b134 -r b98b8c5a6c09 sysutils/xenkernel45/patches/patch-XSA-176
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/sysutils/xenkernel45/patches/patch-XSA-176 Sat Aug 06 10:10:10 2016 +0000
@@ -0,0 +1,31 @@
+$NetBSD: patch-XSA-176,v 1.1 2016/08/06 10:10:10 spz Exp $
+
+patch for XSA-176 from upstream
+
+--- xen/arch/x86/mm/guest_walk.c.orig 2016-03-23 13:57:27.000000000 +0000
++++ xen/arch/x86/mm/guest_walk.c
+@@ -231,9 +237,14 @@ guest_walk_tables(struct vcpu *v, struct
+ rc |= _PAGE_PRESENT;
+ goto out;
+ }
++ if ( gflags & _PAGE_PSE )
++ {
++ rc |= _PAGE_PSE | _PAGE_INVALID_BIT;
++ goto out;
++ }
+ rc |= ((gflags & mflags) ^ mflags);
+
+- pse1G = (gflags & _PAGE_PSE) && guest_supports_1G_superpages(v);
++ pse1G = !!(gflags & _PAGE_PSE);
+
+ if ( pse1G )
+ {
+@@ -253,6 +264,8 @@ guest_walk_tables(struct vcpu *v, struct
+ /* _PAGE_PSE_PAT not set: remove _PAGE_PAT from flags. */
+ flags &= ~_PAGE_PAT;
+
++ if ( !guest_supports_1G_superpages(v) )
++ rc |= _PAGE_PSE | _PAGE_INVALID_BIT;
+ if ( gfn_x(start) & GUEST_L3_GFN_MASK & ~0x1 )
+ rc |= _PAGE_INVALID_BITS;
+
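Review bot: In the first inner hunk of patch-XSA-176 the added `if ( gflags & _PAGE_PSE )` guard jumps to `out` immediately before `pse1G = !!(gflags & _PAGE_PSE);`, so on the lines visible here pse1G can never be non-zero. The `if ( pse1G )` branch then looks unreachable, and with it apparently the `guest_supports_1G_superpages(v)` check added by the second inner hunk. That fails closed, but it would reject every 1G superpage entry rather than only those from guests without the feature. The context lines (`rc |= _PAGE_PRESENT; goto out; }`) are generic enough to match more than one page-table level, so the guard may have been meant for a level where PSE is reserved; compare the hunk placement with the upstream XSA-176 patch. guest_walk_tables starts and ends outside the hunk, so this is inferred from the visible lines only.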
diff -r 37119893b134 -r b98b8c5a6c09 sysutils/xenkernel45/patches/patch-XSA-180
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/sysutils/xenkernel45/patches/patch-XSA-180 Sat Aug 06 10:10:10 2016 +0000
@@ -0,0 +1,66 @@
+$NetBSD: patch-XSA-180,v 1.1 2016/08/06 10:10:10 spz Exp $
+
+patch for XSA-180 from upstream
+
+--- tools/qemu-xen-traditional/vl.c.orig 2016-01-04 15:36:03.000000000 +0000
++++ tools/qemu-xen-traditional/vl.c
+@@ -3753,6 +3753,50 @@ static void host_main_loop_wait(int *tim
+ }
+ #endif
+
++static void check_cve_2014_3672_xen(void)
++{
++ static unsigned long limit = ~0UL;
++ const int fd = 2;
++ struct stat stab;
++
++ if (limit == ~0UL) {
++ const char *s = getenv("XEN_QEMU_CONSOLE_LIMIT");
++ /* XEN_QEMU_CONSOLE_LIMIT=0 means no limit */
++ limit = s ? strtoul(s,0,0) : 1*1024*1024;
++ }
++ if (limit == 0)
++ return;
++
++ int r = fstat(fd, &stab);
++ if (r) {
++ perror("fstat stderr (for CVE-2014-3672 check)");
++ exit(-1);
++ }
++ if (!S_ISREG(stab.st_mode))
++ return;
++ if (stab.st_size <= limit)
++ return;
++
++ /* oh dear */
++ fprintf(stderr,"\r\n"
++ "Closing stderr due to CVE-2014-3672 limit. "
++ " Set XEN_QEMU_CONSOLE_LIMIT to number of bytes to override,"
++ " or 0 for no limit.\n");
++ fflush(stderr);
++
++ int nfd = open("/dev/null", O_WRONLY);
++ if (nfd < 0) {
++ perror("open /dev/null (for CVE-2014-3672 check)");
++ exit(-1);
++ }
++ r = dup2(nfd, fd);
++ if (r != fd) {
++ perror("dup2 /dev/null (for CVE-2014-3672 check)");
++ exit(-1);
++ }
++ close(nfd);
++}
++
+ void main_loop_wait(int timeout)
+ {
+ IOHandlerRecord *ioh;
+@@ -3762,6 +3806,8 @@ void main_loop_wait(int timeout)
+
+ qemu_bh_update_timeout(&timeout);
+
++ check_cve_2014_3672_xen();
++
+ host_main_loop_wait(&timeout);
+
+ /* poll any events */
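Review bot: `limit = s ? strtoul(s,0,0) : 1*1024*1024;` accepts any string, and strtoul returns 0 for non-numeric input, which the following `if (limit == 0) return;` treats as "no limit", so a malformed XEN_QEMU_CONSOLE_LIMIT silently disables the CVE-2014-3672 stderr cap. Passing an end pointer and falling back to the default on a parse failure would fail closed, e.g. `char *e; limit = s ? strtoul(s,&e,0) : 1*1024*1024;` followed by `if (s && (e == s || *e)) limit = 1*1024*1024;`. `stab.st_size <= limit` also compares a signed off_t with an unsigned long, which an explicit cast would make intentional. Separately, the patched file is tools/qemu-xen-traditional/vl.c while this package is xenkernel45, so it is worth confirming that whichever package actually builds qemu carries the same patch.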
diff -r 37119893b134 -r b98b8c5a6c09 sysutils/xenkernel45/patches/patch-XSA-181
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/sysutils/xenkernel45/patches/patch-XSA-181 Sat Aug 06 10:10:10 2016 +0000
@@ -0,0 +1,18 @@
+$NetBSD: patch-XSA-181,v 1.1 2016/08/06 10:10:10 spz Exp $
+
+patch for XSA-181 from upstream
+note this patch is only for ARM, and thus not really relevant to
+this x86-only package
+
+--- xen/arch/arm/p2m.c.orig 2016-03-23 13:57:27.000000000 +0000
++++ xen/arch/arm/p2m.c
+@@ -1084,7 +1084,8 @@ void p2m_teardown(struct domain *d)
+ while ( (pg = page_list_remove_head(&p2m->pages)) )
+ free_domheap_page(pg);
+
+- free_domheap_pages(p2m->root, P2M_ROOT_ORDER);
++ if ( p2m->root )
++ free_domheap_pages(p2m->root, P2M_ROOT_ORDER);
+
+ p2m->root = NULL;
+