CVS commit: pkgsrc/sysutils/xentools42

To: pkgsrc-changes%NetBSD.org@localhost
Subject: CVS commit: pkgsrc/sysutils/xentools42
From: "S.P.Zeidler" <spz%netbsd.org@localhost>
Date: Fri, 13 Mar 2015 09:43:41 +0000

Module Name:    pkgsrc
Committed By:   spz
Date:           Fri Mar 13 09:43:41 UTC 2015

Modified Files:
        pkgsrc/sysutils/xentools42: Makefile distinfo
Added Files:
        pkgsrc/sysutils/xentools42/patches: patch-CVE-2015-2152

Log Message:
xsa119-4.2.patch from upstream:

>From b6e327fde6c365086594e2b46edf435aa1671b1a Mon Sep 17 00:00:00 2001
From: Ian Campbell <ian.campbell%citrix.com@localhost>
Date: Fri, 20 Feb 2015 14:41:09 +0000
Subject: [PATCH] tools: libxl: Explicitly disable graphics backends on qemu
 cmdline

By default qemu will try to create some sort of backend for the
emulated VGA device, either SDL or VNC.

However when the user specifies sdl=0 and vnc=0 in their configuration
libxl was not explicitly disabling either backend, which could lead to
one unexpectedly running.

If either sdl=1 or vnc=1 is configured then both before and after this
change only the backends which are explicitly enabled are configured,
i.e. this issue only occurs when all backends are supposed to have
been disabled.

This affects qemu-xen and qemu-xen-traditional differently.

If qemu-xen was compiled with SDL support then this would result in an
SDL window being opened if $DISPLAY is valid, or a failure to start
the guest if not. Passing "-display none" to qemu before any further
-sdl options disables this default behaviour and ensures that SDL is
only started if the libxl configuration demands it.

If qemu-xen was compiled without SDL support then qemu would instead
start a VNC server listening on ::1 (IPv6 localhost) or 127.0.0.1
(IPv4 localhost) with IPv6 preferred if available. Explicitly pass
"-vnc none" when vnc is not enabled in the libxl configuration to
remove this possibility.

qemu-xen-traditional would never start a vnc backend unless asked.
However by default it will start an SDL backend, the way to disable
this is to pass a -vnc option. In other words passing "-vnc none" will
disable both vnc and sdl by default. sdl can then be reenabled if
configured by subsequent use of the -sdl option.

Tested with both qemu-xen and qemu-xen-traditional built with SDL
support and:
        xl cr # defaults
        xl cr sdl=0 vnc=0
        xl cr sdl=1 vnc=0
        xl cr sdl=0 vnc=1
        xl cr sdl=0 vnc=0 vga=\"none\"
        xl cr sdl=0 vnc=0 nographic=1
with both valid and invalid $DISPLAY.

This is XSA-119.


To generate a diff of this commit:
cvs rdiff -u -r1.25 -r1.26 pkgsrc/sysutils/xentools42/Makefile
cvs rdiff -u -r1.14 -r1.15 pkgsrc/sysutils/xentools42/distinfo
cvs rdiff -u -r0 -r1.1 pkgsrc/sysutils/xentools42/patches/patch-CVE-2015-2152

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Prev by Date: CVS commit: pkgsrc/doc
Next by Date: CVS commit: pkgsrc/sysutils/xentools45
Previous by Thread: CVS commit: pkgsrc/doc
Next by Thread: CVS commit: pkgsrc/sysutils/xentools45
Indexes:

Home | Main Index | Thread Index | Old Index