authorspz <spz@pkgsrc.org>2016-08-06 10:10:10 +0000
committerspz <spz@pkgsrc.org>2016-08-06 10:10:10 +0000
commit54ed27948cccf8cb2879b728f586163199d3ac11 (patch)
tree6270bc41766c553ecd2dc7a549c4de2dd2f78f00
parentf4dfe767f7bc1df217f528f435ec7e1a259eae17 (diff)
add patches for XSAs 176, 180 and 181 from upstream
-rw-r--r--sysutils/xenkernel45/Makefile4
-rw-r--r--sysutils/xenkernel45/distinfo5
-rw-r--r--sysutils/xenkernel45/patches/patch-XSA-17631
-rw-r--r--sysutils/xenkernel45/patches/patch-XSA-18066
-rw-r--r--sysutils/xenkernel45/patches/patch-XSA-18118
5 files changed, 121 insertions, 3 deletions
diff --git a/sysutils/xenkernel45/Makefile b/sysutils/xenkernel45/Makefile
index 951b52c670c..d0ab6eae3f5 100644
--- a/sysutils/xenkernel45/Makefile
+++ b/sysutils/xenkernel45/Makefile
@@ -1,9 +1,9 @@
-# $NetBSD: Makefile,v 1.19 2016/07/26 14:31:56 bouyer Exp $
+# $NetBSD: Makefile,v 1.20 2016/08/06 10:10:10 spz Exp $
VERSION= 4.5.3
DISTNAME= xen-${VERSION}
PKGNAME= xenkernel45-${VERSION}
-PKGREVISION= 1
+PKGREVISION= 2
CATEGORIES= sysutils
MASTER_SITES= http://bits.xensource.com/oss-xen/release/${VERSION}/
diff --git a/sysutils/xenkernel45/distinfo b/sysutils/xenkernel45/distinfo
index 60ecbb336df..2df1ee81d1e 100644
--- a/sysutils/xenkernel45/distinfo
+++ b/sysutils/xenkernel45/distinfo
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.15 2016/07/26 14:31:56 bouyer Exp $
+$NetBSD: distinfo,v 1.16 2016/08/06 10:10:10 spz Exp $
SHA1 (xen-4.5.3.tar.gz) = 95d56c42642adcffe55dcf82a021d49115373108
RMD160 (xen-4.5.3.tar.gz) = 7ba586b20404e95308007663e87868c0ccc0e6f4
@@ -7,6 +7,9 @@ Size (xen-4.5.3.tar.gz) = 18416997 bytes
SHA1 (patch-Config.mk) = a2a104d023cea4e551a3ad40927d4884d6c610bf
SHA1 (patch-XSA-172) = ff4560534381d4d4c553170fbeb674f9361d9740
SHA1 (patch-XSA-173) = 0f6a2c4d9467713f3d969020f8fba62aa2f5297b
+SHA1 (patch-XSA-176) = 221ed0dce1a97e03c0f0cb216f5ffd13269fd162
+SHA1 (patch-XSA-180) = d50f2c7d4ae7bbc8d0ae892f7bdf4ca0ba867d1a
+SHA1 (patch-XSA-181) = 3fc00b9543d6bd834359a299c288839ad69f3fbb
SHA1 (patch-XSA-182) = 77dfd369df89a51355318e26e38837482f09996e
SHA1 (patch-XSA-183) = f2a6027ff71c32c16abeb1b17e3226b714a5f1f4
SHA1 (patch-xen_Makefile) = 750d0c8d4fea14d3ef3f872de5242a1f5104cbbe
diff --git a/sysutils/xenkernel45/patches/patch-XSA-176 b/sysutils/xenkernel45/patches/patch-XSA-176
new file mode 100644
index 00000000000..97f5ec0fe40
--- /dev/null
+++ b/sysutils/xenkernel45/patches/patch-XSA-176
@@ -0,0 +1,31 @@
+$NetBSD: patch-XSA-176,v 1.1 2016/08/06 10:10:10 spz Exp $
+
+patch for XSA-176 from upstream
+
+--- xen/arch/x86/mm/guest_walk.c.orig 2016-03-23 13:57:27.000000000 +0000
++++ xen/arch/x86/mm/guest_walk.c
+@@ -231,9 +237,14 @@ guest_walk_tables(struct vcpu *v, struct
+ rc |= _PAGE_PRESENT;
+ goto out;
+ }
++ if ( gflags & _PAGE_PSE )
++ {
++ rc |= _PAGE_PSE | _PAGE_INVALID_BIT;
++ goto out;
++ }
+ rc |= ((gflags & mflags) ^ mflags);
+
+- pse1G = (gflags & _PAGE_PSE) && guest_supports_1G_superpages(v);
++ pse1G = !!(gflags & _PAGE_PSE);
+
+ if ( pse1G )
+ {
+@@ -253,6 +264,8 @@ guest_walk_tables(struct vcpu *v, struct
+ /* _PAGE_PSE_PAT not set: remove _PAGE_PAT from flags. */
+ flags &= ~_PAGE_PAT;
+
++ if ( !guest_supports_1G_superpages(v) )
++ rc |= _PAGE_PSE | _PAGE_INVALID_BIT;
+ if ( gfn_x(start) & GUEST_L3_GFN_MASK & ~0x1 )
+ rc |= _PAGE_INVALID_BITS;
+
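Review bot: In the first inner hunk of patch-XSA-176 the added `if ( gflags & _PAGE_PSE ) { ... goto out; }` sits directly above `pse1G = !!(gflags & _PAGE_PSE);`, and no reassignment of `gflags` is visible between them, so `pse1G` can never be true and the `if ( pse1G )` branch becomes unreachable, including the `guest_supports_1G_superpages(v)` check that the second inner hunk adds. As written, every PSE entry at this level would be reported as `_PAGE_PSE | _PAGE_INVALID_BIT`, even a 1G superpage for a guest that supports them, and the level the early-out was presumably intended for gets no check. The inner header `@@ -231,9 +237,14 @@` already carries a six-line offset although it is the first hunk for this file, which suggests two upstream hunks were merged or the diff was taken against an already-modified tree. Please re-diff against the upstream XSA-176 patch and keep the early-out and the `pse1G` change as separate hunks with their own context; guest_walk_tables continues outside the hunk, so this reading rests only on the lines shown.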
diff --git a/sysutils/xenkernel45/patches/patch-XSA-180 b/sysutils/xenkernel45/patches/patch-XSA-180
new file mode 100644
index 00000000000..9a74fd3e213
--- /dev/null
+++ b/sysutils/xenkernel45/patches/patch-XSA-180
@@ -0,0 +1,66 @@
+$NetBSD: patch-XSA-180,v 1.1 2016/08/06 10:10:10 spz Exp $
+
+patch for XSA-180 from upstream
+
+--- tools/qemu-xen-traditional/vl.c.orig 2016-01-04 15:36:03.000000000 +0000
++++ tools/qemu-xen-traditional/vl.c
+@@ -3753,6 +3753,50 @@ static void host_main_loop_wait(int *tim
+ }
+ #endif
+
++static void check_cve_2014_3672_xen(void)
++{
++ static unsigned long limit = ~0UL;
++ const int fd = 2;
++ struct stat stab;
++
++ if (limit == ~0UL) {
++ const char *s = getenv("XEN_QEMU_CONSOLE_LIMIT");
++ /* XEN_QEMU_CONSOLE_LIMIT=0 means no limit */
++ limit = s ? strtoul(s,0,0) : 1*1024*1024;
++ }
++ if (limit == 0)
++ return;
++
++ int r = fstat(fd, &stab);
++ if (r) {
++ perror("fstat stderr (for CVE-2014-3672 check)");
++ exit(-1);
++ }
++ if (!S_ISREG(stab.st_mode))
++ return;
++ if (stab.st_size <= limit)
++ return;
++
++ /* oh dear */
++ fprintf(stderr,"\r\n"
++ "Closing stderr due to CVE-2014-3672 limit. "
++ " Set XEN_QEMU_CONSOLE_LIMIT to number of bytes to override,"
++ " or 0 for no limit.\n");
++ fflush(stderr);
++
++ int nfd = open("/dev/null", O_WRONLY);
++ if (nfd < 0) {
++ perror("open /dev/null (for CVE-2014-3672 check)");
++ exit(-1);
++ }
++ r = dup2(nfd, fd);
++ if (r != fd) {
++ perror("dup2 /dev/null (for CVE-2014-3672 check)");
++ exit(-1);
++ }
++ close(nfd);
++}
++
+ void main_loop_wait(int timeout)
+ {
+ IOHandlerRecord *ioh;
+@@ -3762,6 +3806,8 @@ void main_loop_wait(int timeout)
+
+ qemu_bh_update_timeout(&timeout);
+
++ check_cve_2014_3672_xen();
++
+ host_main_loop_wait(&timeout);
+
+ /* poll any events */
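Review bot: In `check_cve_2014_3672_xen`, `limit = s ? strtoul(s,0,0) : 1*1024*1024;` accepts any string, so a non-numeric or mistyped `XEN_QEMU_CONSOLE_LIMIT` parses to 0, which the next lines treat as "no limit" and silently switch the stderr cap off. An out-of-range value yields `ULONG_MAX`, which collides with the `~0UL` "not read yet" sentinel and causes the environment to be re-read on every `main_loop_wait` call. Parsing with an end pointer and falling back to the default would keep the protection on by default: `char *e; unsigned long v = s ? strtoul(s, &e, 0) : 0;` followed by `limit = (s && e != s && !*e && v != ~0UL) ? v : 1*1024*1024;`. Separately, this patch targets `tools/qemu-xen-traditional/vl.c` but is added to `sysutils/xenkernel45`; if that package builds only the hypervisor tree, the fix would not reach any shipped binary, so it is worth confirming that the package which builds qemu-xen-traditional carries the same patch.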
diff --git a/sysutils/xenkernel45/patches/patch-XSA-181 b/sysutils/xenkernel45/patches/patch-XSA-181
new file mode 100644
index 00000000000..c6444f08c41
--- /dev/null
+++ b/sysutils/xenkernel45/patches/patch-XSA-181
@@ -0,0 +1,18 @@
+$NetBSD: patch-XSA-181,v 1.1 2016/08/06 10:10:10 spz Exp $
+
+patch for XSA-181 from upstream
+note this patch is only for ARM, and thus not really relevant to
+this x86-only package
+
+--- xen/arch/arm/p2m.c.orig 2016-03-23 13:57:27.000000000 +0000
++++ xen/arch/arm/p2m.c
+@@ -1084,7 +1084,8 @@ void p2m_teardown(struct domain *d)
+ while ( (pg = page_list_remove_head(&p2m->pages)) )
+ free_domheap_page(pg);
+
+- free_domheap_pages(p2m->root, P2M_ROOT_ORDER);
++ if ( p2m->root )
++ free_domheap_pages(p2m->root, P2M_ROOT_ORDER);
+
+ p2m->root = NULL;
+