[pkgsrc/trunk]: pkgsrc/sysutils/xentools413 Add upstream patches for a bunch ...
details: https://anonhg.NetBSD.org/pkgsrc/rev/6e29cf307e90
branches: trunk
changeset: 443567:6e29cf307e90
user: bouyer <bouyer%pkgsrc.org@localhost>
date: Wed Dec 16 17:17:08 2020 +0000
description:
Add upstream patches for a bunch of Xen security advisories, related
to xenstore permissions.
diffstat:
sysutils/xentools413/Makefile | 4 +-
sysutils/xentools413/distinfo | 14 +-
sysutils/xentools413/patches/patch-XSA115-c | 1755 ++++++++++
sysutils/xentools413/patches/patch-XSA115-o | 711 ++++
sysutils/xentools413/patches/patch-XSA322-c | 534 +++
sysutils/xentools413/patches/patch-XSA322-o | 112 +
sysutils/xentools413/patches/patch-XSA323 | 142 +
sysutils/xentools413/patches/patch-XSA324 | 50 +
sysutils/xentools413/patches/patch-XSA325 | 194 +
sysutils/xentools413/patches/patch-XSA330 | 68 +
sysutils/xentools413/patches/patch-XSA352 | 44 +
sysutils/xentools413/patches/patch-XSA353 | 91 +
sysutils/xentools413/patches/patch-tools_ocaml_xenstored_utils.ml | 12 +-
13 files changed, 3721 insertions(+), 10 deletions(-)
diffs (truncated from 3816 to 300 lines):
diff -r 62e40351f2c1 -r 6e29cf307e90 sysutils/xentools413/Makefile
--- a/sysutils/xentools413/Makefile Wed Dec 16 17:15:22 2020 +0000
+++ b/sysutils/xentools413/Makefile Wed Dec 16 17:17:08 2020 +0000
@@ -1,11 +1,11 @@
-# $NetBSD: Makefile,v 1.13 2020/12/04 20:45:43 nia Exp $
+# $NetBSD: Makefile,v 1.14 2020/12/16 17:17:08 bouyer Exp $
#
VERSION= 4.13.2
DIST_SUBDIR= xen413
DISTNAME= xen-${VERSION}
PKGNAME= xentools413-${VERSION}
-PKGREVISION= 1
+PKGREVISION= 2
#PKGREVISION= 0
CATEGORIES= sysutils
MASTER_SITES= https://downloads.xenproject.org/release/xen/${VERSION}/
diff -r 62e40351f2c1 -r 6e29cf307e90 sysutils/xentools413/distinfo
--- a/sysutils/xentools413/distinfo Wed Dec 16 17:15:22 2020 +0000
+++ b/sysutils/xentools413/distinfo Wed Dec 16 17:17:08 2020 +0000
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.5 2020/11/06 21:45:49 bouyer Exp $
+$NetBSD: distinfo,v 1.6 2020/12/16 17:17:08 bouyer Exp $
SHA1 (xen413/ipxe-1dd56dbd11082fb622c2ed21cfaced4f47d798a6.tar.gz) = b78d21457bc07b4c4d3e770109c169ddafdacdf5
RMD160 (xen413/ipxe-1dd56dbd11082fb622c2ed21cfaced4f47d798a6.tar.gz) = 846dbcc0f56e87fca8c87b00ca2ed031471d4246
@@ -14,6 +14,16 @@
Size (xen413/xen-4.13.2.tar.gz) = 39037826 bytes
SHA1 (patch-Config.mk) = c41005a60de2f94a72b0206030eb021c137653d3
SHA1 (patch-Makefile) = 6c580cbea532d08a38cf5e54228bd0210a98da21
+SHA1 (patch-XSA115-c) = 7e3216a23c522fc73f47fa6deef8918c4dce7fae
+SHA1 (patch-XSA115-o) = 7b8a0f76b9e8345c3bb39ba2dd36207d8563d5ba
+SHA1 (patch-XSA322-c) = dc2f310207b1ab172470485e9e43a3b187d2259f
+SHA1 (patch-XSA322-o) = a1cc198752fa7d9336123a1a985317a610cab814
+SHA1 (patch-XSA323) = 98055b0c05ed0d0f5ebbe23d429a68a71d92f20f
+SHA1 (patch-XSA324) = a1cdb872a79fd7d9234030ec2765d0a474f72fbb
+SHA1 (patch-XSA325) = 59c7fba006588db4accee1068072612777620ac3
+SHA1 (patch-XSA330) = dd745d8ae212f139ed32fcf8c99618fc42642d9e
+SHA1 (patch-XSA352) = 7c4479c029d9bbbf6578ee148cb926bb2d849789
+SHA1 (patch-XSA353) = 6983aa18399dcf0ac1471ffdf7c27c1bc041f49c
SHA1 (patch-docs_man_xl-disk-configuration.5.pod) = 9261cc5035dba3414e32955da80707baab042476
SHA1 (patch-docs_man_xl.1.pod.in) = ac3525478471a43fd30fa40c7e89d4b5cb164038
SHA1 (patch-docs_man_xl.cfg.5.pod.in) = 5970961552f29c4536a884161a208a27a20dccf4
@@ -63,7 +73,7 @@
SHA1 (patch-tools_ocaml_common.make) = 4b845bdf3a013852109749ee18dfe28e3440d951
SHA1 (patch-tools_ocaml_libs_eventchn_xeneventchn_stubs.c) = 371e45af87b4432aedeaba1871aa94a4f492e011
SHA1 (patch-tools_ocaml_xenstored_Makefile) = b267702cf4090c7b45bba530e60327fced24e3e5
-SHA1 (patch-tools_ocaml_xenstored_utils.ml) = fd951de732d6c31cae89bd4b58c5650108578d79
+SHA1 (patch-tools_ocaml_xenstored_utils.ml) = 5e85a0039d668c9b533e8deaa65fcdab9a5ad4c7
SHA1 (patch-tools_qemu-xen-traditional_Makefile) = 5fbb55bf84f9856043be301d5d06530190fe9a60
SHA1 (patch-tools_qemu-xen-traditional_block-raw-posix.c) = eb3efea4b0c7fd744f627f1926fca737ba826b99
SHA1 (patch-tools_qemu-xen-traditional_configure) = 6a42dcac010f90439a347c0f6e886b07185cb19a
diff -r 62e40351f2c1 -r 6e29cf307e90 sysutils/xentools413/patches/patch-XSA115-c
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/sysutils/xentools413/patches/patch-XSA115-c Wed Dec 16 17:17:08 2020 +0000
@@ -0,0 +1,1755 @@
+$NetBSD: patch-XSA115-c,v 1.1 2020/12/16 17:17:08 bouyer Exp $
+
+From e92f3dfeaae21a335e666c9247954424e34e5c56 Mon Sep 17 00:00:00 2001
+From: Juergen Gross <jgross%suse.com@localhost>
+Date: Thu, 11 Jun 2020 16:12:37 +0200
+Subject: [PATCH 01/10] tools/xenstore: allow removing child of a node
+ exceeding quota
+
+An unprivileged user of Xenstore is not allowed to write nodes with a
+size exceeding a global quota, while privileged users like dom0 are
+allowed to write such nodes. The size of a node is the needed space
+to store all node specific data, this includes the names of all
+children of the node.
+
+When deleting a node its parent has to be modified by removing the
+name of the to be deleted child from it.
+
+This results in the strange situation that an unprivileged owner of a
+node might not succeed in deleting that node in case its parent is
+exceeding the quota of that unprivileged user (it might have been
+written by dom0), as the user is not allowed to write the updated
+parent node.
+
+Fix that by not checking the quota when writing a node for the
+purpose of removing a child's name only.
+
+The same applies to transaction handling: a node being read during a
+transaction is written to the transaction specific area and it should
+not be tested for exceeding the quota, as it might not be owned by
+the reader and presumably the original write would have failed if the
+node is owned by the reader.
+
+This is part of XSA-115.
+
+Signed-off-by: Juergen Gross <jgross%suse.com@localhost>
+Reviewed-by: Julien Grall <jgrall%amazon.com@localhost>
+Reviewed-by: Paul Durrant <paul%xen.org@localhost>
+---
+ tools/xenstore/xenstored_core.c | 20 +++++++++++---------
+ tools/xenstore/xenstored_core.h | 3 ++-
+ tools/xenstore/xenstored_transaction.c | 2 +-
+ 3 files changed, 14 insertions(+), 11 deletions(-)
+
+diff --git a/tools/xenstore/xenstored_core.c b/tools/xenstore/xenstored_core.c
+index 97ceabf9642d..b43e1018babd 100644
+--- tools/xenstore/xenstored_core.c.orig
++++ tools/xenstore/xenstored_core.c
+@@ -417,7 +417,8 @@ static struct node *read_node(struct connection *conn, const void *ctx,
+ return node;
+ }
+
+-int write_node_raw(struct connection *conn, TDB_DATA *key, struct node *node)
++int write_node_raw(struct connection *conn, TDB_DATA *key, struct node *node,
++ bool no_quota_check)
+ {
+ TDB_DATA data;
+ void *p;
+@@ -427,7 +428,7 @@ int write_node_raw(struct connection *conn, TDB_DATA *key, struct node *node)
+ + node->num_perms*sizeof(node->perms[0])
+ + node->datalen + node->childlen;
+
+- if (domain_is_unprivileged(conn) &&
++ if (!no_quota_check && domain_is_unprivileged(conn) &&
+ data.dsize >= quota_max_entry_size) {
+ errno = ENOSPC;
+ return errno;
+@@ -455,14 +456,15 @@ int write_node_raw(struct connection *conn, TDB_DATA *key, struct node *node)
+ return 0;
+ }
+
+-static int write_node(struct connection *conn, struct node *node)
++static int write_node(struct connection *conn, struct node *node,
++ bool no_quota_check)
+ {
+ TDB_DATA key;
+
+ if (access_node(conn, node, NODE_ACCESS_WRITE, &key))
+ return errno;
+
+- return write_node_raw(conn, &key, node);
++ return write_node_raw(conn, &key, node, no_quota_check);
+ }
+
+ static enum xs_perm_type perm_for_conn(struct connection *conn,
+@@ -999,7 +1001,7 @@ static struct node *create_node(struct connection *conn, const void *ctx,
+ /* We write out the nodes down, setting destructor in case
+ * something goes wrong. */
+ for (i = node; i; i = i->parent) {
+- if (write_node(conn, i)) {
++ if (write_node(conn, i, false)) {
+ domain_entry_dec(conn, i);
+ return NULL;
+ }
+@@ -1039,7 +1041,7 @@ static int do_write(struct connection *conn, struct buffered_data *in)
+ } else {
+ node->data = in->buffer + offset;
+ node->datalen = datalen;
+- if (write_node(conn, node))
++ if (write_node(conn, node, false))
+ return errno;
+ }
+
+@@ -1115,7 +1117,7 @@ static int remove_child_entry(struct connection *conn, struct node *node,
+ size_t childlen = strlen(node->children + offset);
+ memdel(node->children, offset, childlen + 1, node->childlen);
+ node->childlen -= childlen + 1;
+- return write_node(conn, node);
++ return write_node(conn, node, true);
+ }
+
+
+@@ -1254,7 +1256,7 @@ static int do_set_perms(struct connection *conn, struct buffered_data *in)
+ node->num_perms = num;
+ domain_entry_inc(conn, node);
+
+- if (write_node(conn, node))
++ if (write_node(conn, node, false))
+ return errno;
+
+ fire_watches(conn, in, name, false);
+@@ -1514,7 +1516,7 @@ static void manual_node(const char *name, const char *child)
+ if (child)
+ node->childlen = strlen(child) + 1;
+
+- if (write_node(NULL, node))
++ if (write_node(NULL, node, false))
+ barf_perror("Could not create initial node %s", name);
+ talloc_free(node);
+ }
+diff --git a/tools/xenstore/xenstored_core.h b/tools/xenstore/xenstored_core.h
+index 56a279cfbb47..3cb1c235a101 100644
+--- tools/xenstore/xenstored_core.h.orig
++++ tools/xenstore/xenstored_core.h
+@@ -149,7 +149,8 @@ void send_ack(struct connection *conn, enum xsd_sockmsg_type type);
+ char *canonicalize(struct connection *conn, const void *ctx, const char *node);
+
+ /* Write a node to the tdb data base. */
+-int write_node_raw(struct connection *conn, TDB_DATA *key, struct node *node);
++int write_node_raw(struct connection *conn, TDB_DATA *key, struct node *node,
++ bool no_quota_check);
+
+ /* Get this node, checking we have permissions. */
+ struct node *get_node(struct connection *conn,
+diff --git a/tools/xenstore/xenstored_transaction.c b/tools/xenstore/xenstored_transaction.c
+index 2824f7b359b8..e87897573469 100644
+--- tools/xenstore/xenstored_transaction.c.orig
++++ tools/xenstore/xenstored_transaction.c
+@@ -276,7 +276,7 @@ int access_node(struct connection *conn, struct node *node,
+ i->check_gen = true;
+ if (node->generation != NO_GENERATION) {
+ set_tdb_key(trans_name, &local_key);
+- ret = write_node_raw(conn, &local_key, node);
++ ret = write_node_raw(conn, &local_key, node, true);
+ if (ret)
+ goto err;
+ i->ta_node = true;
+--
+2.17.1
+
+From e8076f73de65c4816f69d6ebf75839c706145fcd Mon Sep 17 00:00:00 2001
+From: Juergen Gross <jgross%suse.com@localhost>
+Date: Thu, 11 Jun 2020 16:12:38 +0200
+Subject: [PATCH 02/10] tools/xenstore: ignore transaction id for [un]watch
+
+Instead of ignoring the transaction id for XS_WATCH and XS_UNWATCH
+commands as it is documented in docs/misc/xenstore.txt, it is tested
+for validity today.
+
+Really ignore the transaction id for XS_WATCH and XS_UNWATCH.
+
+This is part of XSA-115.
+
+Signed-off-by: Juergen Gross <jgross%suse.com@localhost>
+Reviewed-by: Julien Grall <jgrall%amazon.com@localhost>
+Reviewed-by: Paul Durrant <paul%xen.org@localhost>
+---
+ tools/xenstore/xenstored_core.c | 26 ++++++++++++++++----------
+ 1 file changed, 16 insertions(+), 10 deletions(-)
+
+diff --git a/tools/xenstore/xenstored_core.c b/tools/xenstore/xenstored_core.c
+index b43e1018babd..bb2f9fd4e76e 100644
+--- tools/xenstore/xenstored_core.c.orig
++++ tools/xenstore/xenstored_core.c
+@@ -1268,13 +1268,17 @@ static int do_set_perms(struct connection *conn, struct buffered_data *in)
+ static struct {
+ const char *str;
+ int (*func)(struct connection *conn, struct buffered_data *in);
++ unsigned int flags;
++#define XS_FLAG_NOTID (1U << 0) /* Ignore transaction id. */
+ } const wire_funcs[XS_TYPE_COUNT] = {
+ [XS_CONTROL] = { "CONTROL", do_control },
+ [XS_DIRECTORY] = { "DIRECTORY", send_directory },
+ [XS_READ] = { "READ", do_read },
+ [XS_GET_PERMS] = { "GET_PERMS", do_get_perms },
+- [XS_WATCH] = { "WATCH", do_watch },
+- [XS_UNWATCH] = { "UNWATCH", do_unwatch },
++ [XS_WATCH] =
++ { "WATCH", do_watch, XS_FLAG_NOTID },
++ [XS_UNWATCH] =
++ { "UNWATCH", do_unwatch, XS_FLAG_NOTID },
+ [XS_TRANSACTION_START] = { "TRANSACTION_START", do_transaction_start },
+ [XS_TRANSACTION_END] = { "TRANSACTION_END", do_transaction_end },
+ [XS_INTRODUCE] = { "INTRODUCE", do_introduce },
+@@ -1296,7 +1300,7 @@ static struct {
+
+ static const char *sockmsg_string(enum xsd_sockmsg_type type)
+ {
+- if ((unsigned)type < XS_TYPE_COUNT && wire_funcs[type].str)
++ if ((unsigned int)type < ARRAY_SIZE(wire_funcs) && wire_funcs[type].str)
+ return wire_funcs[type].str;
+
+ return "**UNKNOWN**";
+@@ -1311,7 +1315,14 @@ static void process_message(struct connection *conn, struct buffered_data *in)
+ enum xsd_sockmsg_type type = in->hdr.msg.type;
+ int ret;
+
+- trans = transaction_lookup(conn, in->hdr.msg.tx_id);
++ if ((unsigned int)type >= XS_TYPE_COUNT || !wire_funcs[type].func) {
++ eprintf("Client unknown operation %i", type);
++ send_error(conn, ENOSYS);
++ return;
++ }
++
++ trans = (wire_funcs[type].flags & XS_FLAG_NOTID)
++ ? NULL : transaction_lookup(conn, in->hdr.msg.tx_id);
+ if (IS_ERR(trans)) {
+ send_error(conn, -PTR_ERR(trans));
+ return;
+@@ -1320,12 +1331,7 @@ static void process_message(struct connection *conn, struct buffered_data *in)
+ assert(conn->transaction == NULL);
+ conn->transaction = trans;
+
+- if ((unsigned)type < XS_TYPE_COUNT && wire_funcs[type].func)
+- ret = wire_funcs[type].func(conn, in);
+- else {
+- eprintf("Client unknown operation %i", type);
+- ret = ENOSYS;
+- }
++ ret = wire_funcs[type].func(conn, in);
+ if (ret)
+ send_error(conn, ret);
+
+--
+2.17.1