authortron <tron@pkgsrc.org>2008-10-11 18:27:49 +0000
committertron <tron@pkgsrc.org>2008-10-11 18:27:49 +0000
commit432c3ef9c5f8772c2b6fdb8213f90bf1992553cd (patch)
treebbff6232692fab151cfcdedb287f4a4335d53fae
parentcc7f0b7e8515fec4a8ed523dbb2a2bcefd558015 (diff)
downloadpkgsrc-432c3ef9c5f8772c2b6fdb8213f90bf1992553cd.tar.gz
Pullup ticket #2548 - requested by cegger
xentools33: security patch Revisions pulled up: - sysutils/xentools33/Makefile 1.10 - sysutils/xentools33/distinfo 1.13 - sysutils/xentools33/patches/patch-ga 1.1 - sysutils/xentools33/patches/patch-gc 1.1 - sysutils/xentools33/patches/patch-gd 1.1 --- Module Name: pkgsrc Committed By: cegger Date: Wed Oct 8 19:13:41 UTC 2008 Modified Files: pkgsrc/sysutils/xentools33: Makefile distinfo Added Files: pkgsrc/sysutils/xentools33/patches: patch-ga patch-gb patch-gc patch-gd Log Message: Apply changeset 18434 from upstream xen-3.3-testing tree. This fixes security issue http://secunia.com/advisories/32064/
-rw-r--r--sysutils/xentools33/Makefile4
-rw-r--r--sysutils/xentools33/distinfo5
-rw-r--r--sysutils/xentools33/patches/patch-ga111
-rw-r--r--sysutils/xentools33/patches/patch-gc152
-rw-r--r--sysutils/xentools33/patches/patch-gd60
5 files changed, 329 insertions, 3 deletions
diff --git a/sysutils/xentools33/Makefile b/sysutils/xentools33/Makefile
index bdba4bb59e2..a6a4fd7a32c 100644
--- a/sysutils/xentools33/Makefile
+++ b/sysutils/xentools33/Makefile
@@ -1,10 +1,10 @@
-# $NetBSD: Makefile,v 1.9 2008/09/30 15:08:34 joerg Exp $
+# $NetBSD: Makefile,v 1.9.2.1 2008/10/11 18:27:49 tron Exp $
#
VERSION= 3.3.0
DISTNAME= xen-${VERSION}
PKGNAME= xentools33-${VERSION}
-PKGREVISION= 1
+PKGREVISION= 2
CATEGORIES= sysutils
MASTER_SITES= http://bits.xensource.com/oss-xen/release/${VERSION}/
EXTRACT_SUFX= .tar.gz
diff --git a/sysutils/xentools33/distinfo b/sysutils/xentools33/distinfo
index 221c285699a..5bafdcb65fb 100644
--- a/sysutils/xentools33/distinfo
+++ b/sysutils/xentools33/distinfo
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.12 2008/09/30 15:08:34 joerg Exp $
+$NetBSD: distinfo,v 1.12.2.1 2008/10/11 18:27:49 tron Exp $
SHA1 (xen-3.3.0.tar.gz) = b6365864eeb5125e0f66a056c4c72816e1789358
RMD160 (xen-3.3.0.tar.gz) = c98c08617e302ef4004d17cb0ba161d0ed7af59c
@@ -49,3 +49,6 @@ SHA1 (patch-fb) = 22a07628566b43aa786c410927d29a283e8cf141
SHA1 (patch-fc) = 37c9b0897182de93a01f9620ef6346ef68157770
SHA1 (patch-fd) = cb4741bf33050d72cfbcd2eff4a8632d976de643
SHA1 (patch-fe) = 85d42672766fe8ce2dc7f745938722710c6ee5a3
+SHA1 (patch-ga) = c7a32f0feefd9b00993e64e406ad2914e6737fb6
+SHA1 (patch-gc) = 26a750ca14bcaa33b3f63c16104d2acfae764c96
+SHA1 (patch-gd) = 78e9bcba7dbd2dbd520c015947240b7e514abf8c
diff --git a/sysutils/xentools33/patches/patch-ga b/sysutils/xentools33/patches/patch-ga
new file mode 100644
index 00000000000..67d07994c3e
--- /dev/null
+++ b/sysutils/xentools33/patches/patch-ga
@@ -0,0 +1,111 @@
+$NetBSD: patch-ga,v 1.1.2.2 2008/10/11 18:27:49 tron Exp $
+
+--- python/xen/xend/XendDomainInfo.py.orig 2008-08-22 09:49:08.000000000 +0000
++++ python/xen/xend/XendDomainInfo.py
+@@ -455,8 +455,8 @@ class XendDomainInfo:
+ try:
+ self._constructDomain()
+ self._storeVmDetails()
+- self._createDevices()
+ self._createChannels()
++ self._createDevices()
+ self._storeDomDetails()
+ self._endRestore()
+ except:
+@@ -1232,31 +1232,6 @@ class XendDomainInfo:
+ def permissionsVm(self, *args):
+ return xstransact.SetPermissions(self.vmpath, *args)
+
+-
+- def _readVmTxn(self, transaction, *args):
+- paths = map(lambda x: self.vmpath + "/" + x, args)
+- return transaction.read(*paths)
+-
+- def _writeVmTxn(self, transaction, *args):
+- paths = map(lambda x: self.vmpath + "/" + x, args)
+- return transaction.write(*paths)
+-
+- def _removeVmTxn(self, transaction, *args):
+- paths = map(lambda x: self.vmpath + "/" + x, args)
+- return transaction.remove(*paths)
+-
+- def _gatherVmTxn(self, transaction, *args):
+- paths = map(lambda x: self.vmpath + "/" + x, args)
+- return transaction.gather(paths)
+-
+- def storeVmTxn(self, transaction, *args):
+- paths = map(lambda x: self.vmpath + "/" + x, args)
+- return transaction.store(*paths)
+-
+- def permissionsVmTxn(self, transaction, *args):
+- paths = map(lambda x: self.vmpath + "/" + x, args)
+- return transaction.set_permissions(*paths)
+-
+ #
+ # Function to update xenstore /dom/*
+ #
+@@ -1304,8 +1279,11 @@ class XendDomainInfo:
+ def _recreateDomFunc(self, t):
+ t.remove()
+ t.mkdir()
+- t.set_permissions({'dom' : self.domid})
++ t.set_permissions({'dom' : self.domid, 'read' : True})
+ t.write('vm', self.vmpath)
++ for i in [ 'device', 'control', 'error' ]:
++ t.mkdir(i)
++ t.set_permissions(i, {'dom' : self.domid})
+
+ def _storeDomDetails(self):
+ to_store = {
+@@ -2390,11 +2368,11 @@ class XendDomainInfo:
+
+ paths = self._prepare_phantom_paths()
+
+- self._cleanupVm()
+ if self.dompath is not None:
+ self.destroyDomain()
+
+ self._cleanup_phantom_devs(paths)
++ self._cleanupVm()
+
+ if "transient" in self.info["other_config"] \
+ and bool(self.info["other_config"]["transient"]):
+@@ -2731,7 +2709,6 @@ class XendDomainInfo:
+ self._writeVm(to_store)
+ self._setVmPermissions()
+
+-
+ def _setVmPermissions(self):
+ """Allow the guest domain to read its UUID. We don't allow it to
+ access any other entry, for security."""
+@@ -2750,7 +2727,7 @@ class XendDomainInfo:
+ log.warn("".join(traceback.format_stack()))
+ return self._stateGet()
+ else:
+- raise AttributeError()
++ raise AttributeError(name)
+
+ def __setattr__(self, name, value):
+ if name == "state":
+@@ -2864,12 +2841,6 @@ class XendDomainInfo:
+ ignore_devices = ignore_store,
+ legacy_only = legacy_only)
+
+- #if not ignore_store and self.dompath:
+- # vnc_port = self.readDom('console/vnc-port')
+- # if vnc_port is not None:
+- # result.append(['device',
+- # ['console', ['vnc-port', str(vnc_port)]]])
+-
+ return result
+
+ # Xen API
+@@ -3135,7 +3106,7 @@ class XendDomainInfo:
+ if not config.has_key('device'):
+ devid = config.get('id')
+ if devid != None:
+- config['device'] = 'eth%d' % devid
++ config['device'] = 'eth%s' % devid
+ else:
+ config['device'] = ''
+
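Review bot: The six `*VmTxn` helpers are deleted from `XendDomainInfo` here, and the only caller replaced on this page is `self.vm._readVmTxn` in netif.py (patch-gd); the log message lists a patch-gb among the added files that this pullup does not carry, so it is worth confirming that no file left unpatched in the branch still calls one of them. The permission block added to `_recreateDomFunc` is the security-relevant part of the patch but carries no comment; something like `# only device/, control/ and error/ get a guest-owned permission entry; the domain root gets a read-only one` would record the intent, assuming that is how `set_permissions` interprets `'read' : True` (its definition is not on this page). The moves of `_createChannels()` ahead of `_createDevices()` and of `_cleanupVm()` after the device teardown look order-dependent and would also benefit from a one-line why-comment. All three functions extend beyond their hunks.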
diff --git a/sysutils/xentools33/patches/patch-gc b/sysutils/xentools33/patches/patch-gc
new file mode 100644
index 00000000000..a74f9522b39
--- /dev/null
+++ b/sysutils/xentools33/patches/patch-gc
@@ -0,0 +1,152 @@
+$NetBSD: patch-gc,v 1.1.2.2 2008/10/11 18:27:49 tron Exp $
+
+--- python/xen/xend/server/DevController.py.orig 2008-08-22 09:49:08.000000000 +0000
++++ python/xen/xend/server/DevController.py
+@@ -126,8 +126,11 @@ class DevController:
+ log.debug(
+ 'DevController: still waiting to write device entries.')
+
++ devpath = self.devicePath(devid)
++
+ t.remove(frontpath)
+ t.remove(backpath)
++ t.remove(devpath)
+
+ t.mkdir(backpath)
+ t.set_permissions(backpath,
+@@ -142,6 +145,14 @@ class DevController:
+ t.write2(frontpath, front)
+ t.write2(backpath, back)
+
++ t.mkdir(devpath)
++ t.write2(devpath, {
++ 'backend' : backpath,
++ 'backend-id' : "%i" % backdom,
++ 'frontend' : frontpath,
++ 'frontend-id' : "%i" % self.vm.getDomid()
++ })
++
+ if t.commit():
+ return devid
+
+@@ -254,11 +265,12 @@ class DevController:
+
+ if force:
+ frontpath = self.frontendPath(dev)
+- backpath = xstransact.Read(frontpath, "backend")
++ backpath = self.readVm(devid, "backend")
+ if backpath:
+ xstransact.Remove(backpath)
+ xstransact.Remove(frontpath)
+
++ # xstransact.Remove(self.devicePath()) ?? Below is the same ?
+ self.vm._removeVm("device/%s/%d" % (self.deviceClass, dev))
+
+ def configurations(self, transaction = None):
+@@ -302,9 +314,10 @@ class DevController:
+ @return: dict
+ """
+ if transaction is None:
+- backdomid = xstransact.Read(self.frontendPath(devid), "backend-id")
++ backdomid = xstransact.Read(self.devicePath(devid), "backend-id")
+ else:
+- backdomid = transaction.read(self.frontendPath(devid) + "/backend-id")
++ backdomid = transaction.read(self.devicePath(devid) + "/backend-id")
++
+ if backdomid is None:
+ raise VmError("Device %s not connected" % devid)
+
+@@ -446,17 +459,22 @@ class DevController:
+ else:
+ raise VmError("Device %s not connected" % devid)
+
++ def readVm(self, devid, *args):
++ devpath = self.devicePath(devid)
++ if devpath:
++ return xstransact.Read(devpath, *args)
++ else:
++ raise VmError("Device config %s not found" % devid)
++
+ def readBackend(self, devid, *args):
+- frontpath = self.frontendPath(devid)
+- backpath = xstransact.Read(frontpath, "backend")
++ backpath = self.readVm(devid, "backend")
+ if backpath:
+ return xstransact.Read(backpath, *args)
+ else:
+ raise VmError("Device %s not connected" % devid)
+
+ def readBackendTxn(self, transaction, devid, *args):
+- frontpath = self.frontendPath(devid)
+- backpath = transaction.read(frontpath + "/backend")
++ backpath = self.readVm(devid, "backend")
+ if backpath:
+ paths = map(lambda x: backpath + "/" + x, args)
+ return transaction.read(*paths)
+@@ -474,7 +492,7 @@ class DevController:
+ """@return The IDs of each of the devices currently configured for
+ this instance's deviceClass.
+ """
+- fe = self.backendRoot()
++ fe = self.deviceRoot()
+
+ if transaction:
+ return map(lambda x: int(x.split('/')[-1]), transaction.list(fe))
+@@ -483,8 +501,7 @@ class DevController:
+
+
+ def writeBackend(self, devid, *args):
+- frontpath = self.frontendPath(devid)
+- backpath = xstransact.Read(frontpath, "backend")
++ backpath = self.readVm(devid, "backend")
+
+ if backpath:
+ xstransact.Write(backpath, *args)
+@@ -549,9 +566,8 @@ class DevController:
+
+
+ def waitForBackend(self, devid):
+-
+ frontpath = self.frontendPath(devid)
+- # lookup a phantom
++ # lookup a phantom
+ phantomPath = xstransact.Read(frontpath, 'phantom_vbd')
+ if phantomPath is not None:
+ log.debug("Waiting for %s's phantom %s.", devid, phantomPath)
+@@ -564,7 +580,7 @@ class DevController:
+ if result['status'] != 'Connected':
+ return (result['status'], err)
+
+- backpath = xstransact.Read(frontpath, "backend")
++ backpath = self.readVm(devid, "backend")
+
+
+ if backpath:
+@@ -629,17 +645,20 @@ class DevController:
+ def frontendRoot(self):
+ return "%s/device/%s" % (self.vm.getDomainPath(), self.deviceClass)
+
+- def backendRoot(self):
+- """Construct backend root path assuming backend is domain 0."""
+- from xen.xend.XendDomain import DOM0_ID
+- from xen.xend.xenstore.xsutil import GetDomainPath
+- return "%s/backend/%s/%s" % (GetDomainPath(DOM0_ID),
+- self.deviceClass, self.vm.getDomid())
+-
+ def frontendMiscPath(self):
+ return "%s/device-misc/%s" % (self.vm.getDomainPath(),
+ self.deviceClass)
+
++ def deviceRoot(self):
++ """Return the /vm/device. Because backendRoot assumes the
++ backend domain is 0"""
++ return "%s/device/%s" % (self.vm.vmpath, self.deviceClass)
++
++ def devicePath(self, devid):
++ """Return the /device entry of the given VM. We use it to store
++ backend/frontend locations"""
++ return "%s/device/%s/%s" % (self.vm.vmpath,
++ self.deviceClass, devid)
+
+ def hotplugStatusCallback(statusPath, ev, result):
+ log.debug("hotplugStatusCallback %s.", statusPath)
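Review bot: In the nested hunk for `readBackendTxn`, the backend path is now resolved through `self.readVm(devid, "backend")`, which calls `xstransact.Read` and so runs outside the `transaction` the caller passed in; only the final `transaction.read(*paths)` is transactional. Resolving it inside the transaction, as the `backend-id` lookup in this same patch does, keeps both reads in one view: `backpath = transaction.read(self.devicePath(devid) + "/backend")`. The new `readVm` also tests `if devpath:` on a string that `devicePath` always formats non-empty, so its `VmError("Device config %s not found" ...)` branch cannot be reached. In the `if force:` branch, `readVm` is given `devid` while the lines around it use `dev`; that function begins outside the hunk, so confirm the two always name the same node.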
diff --git a/sysutils/xentools33/patches/patch-gd b/sysutils/xentools33/patches/patch-gd
new file mode 100644
index 00000000000..a11d52720aa
--- /dev/null
+++ b/sysutils/xentools33/patches/patch-gd
@@ -0,0 +1,60 @@
+$NetBSD: patch-gd,v 1.1.2.2 2008/10/11 18:27:49 tron Exp $
+
+--- python/xen/xend/server/netif.py.orig 2008-08-22 09:49:08.000000000 +0000
++++ python/xen/xend/server/netif.py
+@@ -142,10 +142,6 @@ class NetifController(DevController):
+ if sec_lab:
+ back['security_label'] = sec_lab
+
+- config_path = "device/%s/%d/" % (self.deviceClass, devid)
+- for x in back:
+- self.vm._writeVm(config_path + x, back[x])
+-
+ back['handle'] = "%i" % devid
+ back['script'] = os.path.join(xoptions.network_script_dir, script)
+ if rate:
+@@ -189,40 +185,14 @@ class NetifController(DevController):
+
+ result = DevController.getDeviceConfiguration(self, devid, transaction)
+
+- config_path = "device/%s/%d/" % (self.deviceClass, devid)
+- devinfo = ()
+ for x in ( 'script', 'ip', 'bridge', 'mac',
+ 'type', 'vifname', 'rate', 'uuid', 'model', 'accel',
+ 'security_label'):
+ if transaction is None:
+- y = self.vm._readVm(config_path + x)
++ y = self.readBackend(devid, x)
+ else:
+- y = self.vm._readVmTxn(transaction, config_path + x)
+- devinfo += (y,)
+- (script, ip, bridge, mac, typ, vifname, rate, uuid,
+- model, accel, security_label) = devinfo
+-
+- if script:
+- result['script'] = script
+- if ip:
+- result['ip'] = ip
+- if bridge:
+- result['bridge'] = bridge
+- if mac:
+- result['mac'] = mac
+- if typ:
+- result['type'] = typ
+- if vifname:
+- result['vifname'] = vifname
+- if rate:
+- result['rate'] = rate
+- if uuid:
+- result['uuid'] = uuid
+- if model:
+- result['model'] = model
+- if accel:
+- result['accel'] = accel
+- if security_label:
+- result['security_label'] = security_label
++ y = self.readBackendTxn(transaction, devid, x)
++ if y:
++ result[x] = y
+
+ return result
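Review bot: `getDeviceConfiguration` now takes every key from the backend node, so it returns the values written to the backend rather than the copies the removed loop stored under the VM path; `back['script']`, for instance, is assigned `os.path.join(xoptions.network_script_dir, script)` after the point where that loop ran. If callers feed this result back into device creation, that difference deserves a comment above the loop, e.g. `# values come from the backend node and may be post-processed (script is a full path)`. The loop also issues one `readBackend`/`readBackendTxn` call per key, and each call looks up the backend path again; both helpers accept `*args`, so a single call with all keys would read them together, assuming the helper returns one value per key. Both functions start outside these hunks.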