diff options
Diffstat (limited to 'sysutils/xentools46')
| -rw-r--r-- | sysutils/xentools46/Makefile | 4 | ||||
| -rw-r--r-- | sysutils/xentools46/distinfo | 14 | ||||
| -rw-r--r-- | sysutils/xentools46/patches/patch-XSA-197-1 | 67 | ||||
| -rw-r--r-- | sysutils/xentools46/patches/patch-XSA-197-2 | 65 | ||||
| -rw-r--r-- | sysutils/xentools46/patches/patch-XSA-198 | 64 | ||||
| -rw-r--r-- | sysutils/xentools46/patches/patch-XSA-199 | 90 | ||||
| -rw-r--r-- | sysutils/xentools46/version.mk | 4 |
7 files changed, 9 insertions, 299 deletions
diff --git a/sysutils/xentools46/Makefile b/sysutils/xentools46/Makefile index 2d8d91c3430..dcd272aa54e 100644 --- a/sysutils/xentools46/Makefile +++ b/sysutils/xentools46/Makefile @@ -1,11 +1,11 @@ -# $NetBSD: Makefile,v 1.12 2017/01/04 16:45:24 sborrill Exp $ +# $NetBSD: Makefile,v 1.13 2017/03/20 18:17:13 bouyer Exp $ # # VERSION is set in version.mk as it is shared with other packages .include "version.mk" DISTNAME= xen-${VERSION} PKGNAME= xentools46-${VERSION} -PKGREVISION= 6 +#PKGREVISION= 6 CATEGORIES= sysutils MASTER_SITES= http://bits.xensource.com/oss-xen/release/${VERSION}/ diff --git a/sysutils/xentools46/distinfo b/sysutils/xentools46/distinfo index 22fae40a404..e45c93bbf30 100644 --- a/sysutils/xentools46/distinfo +++ b/sysutils/xentools46/distinfo @@ -1,13 +1,13 @@ -$NetBSD: distinfo,v 1.4 2016/12/20 17:24:58 bouyer Exp $ +$NetBSD: distinfo,v 1.5 2017/03/20 18:17:13 bouyer Exp $ SHA1 (ipxe-git-9a93db3f0947484e30e753bbd61a10b17336e20e.tar.gz) = fecadf952821e830ce1a1d19655288eef8488f88 RMD160 (ipxe-git-9a93db3f0947484e30e753bbd61a10b17336e20e.tar.gz) = 539bfa12db7054228250d6dd380bbf96c1a040f8 SHA512 (ipxe-git-9a93db3f0947484e30e753bbd61a10b17336e20e.tar.gz) = c5cb1cdff40d2d71fd3e692a9d0efadf2aa17290daf5195391a1c81ddd9dfc913a8e44d5be2b12be85b2a5565ea31631c99c7053564f2fb2225c80ea0bb0e4a4 Size (ipxe-git-9a93db3f0947484e30e753bbd61a10b17336e20e.tar.gz) = 2867999 bytes -SHA1 (xen-4.6.3.tar.gz) = 2aa59d0a05a6c5ac7f336f2069c66a54f95c4349 -RMD160 (xen-4.6.3.tar.gz) = 2798bd888ee001a4829165e55feb705a86af4f74 -SHA512 (xen-4.6.3.tar.gz) = 187a860b40c05139f22b8498a5fae1db173c3110d957147af29a56cb83b7111c9dc4946d65f9dffc847001fc01c5e9bf51886eaa1194bb9cfd0b6dbcd43a2c5c -Size (xen-4.6.3.tar.gz) = 19707041 bytes +SHA1 (xen-4.6.5.tar.gz) = af371af662211ee1480167b6c9e35142156f3a8d +RMD160 (xen-4.6.5.tar.gz) = 3f2468d7d3715d14842ac57b2180118ef48e93fa +SHA512 (xen-4.6.5.tar.gz) = d3e1b16fa9d695a5fc28ca4375b8de3dfcab480437d4d0151972d9f286528c9f667841e7a6888c918c580371d6984658a8d3b92235553c8c9c052d93154547b5 +Size (xen-4.6.5.tar.gz) = 19712756 bytes SHA1 (patch-.._.._ipxe_src_core_settings.c) = 9e053e5e9936f49c46af0d59382a67d5f28cb39d SHA1 (patch-.._.._ipxe_src_interface_efi_efi_snp.c) = 7cd8a2d2dbeff55624b5d3461d22cd8331221762 SHA1 (patch-.._.._ipxe_src_net_fcels.c) = 7c13c87af5e38233f8b867503789f536394e7005 @@ -20,10 +20,6 @@ SHA1 (patch-.._docs_man_xlcpupool.cfg.pod.5) = b44813af965e4d9d0d51c18b22d286736 SHA1 (patch-.._docs_misc_xl-disk-configuration.txt) = 5b59cfc2569d1a4c10d6c0fcb98ed35278723b79 SHA1 (patch-Makefile) = 87defa487fcc7ba36fada41a7347e2f969f59045 SHA1 (patch-Rules.mk) = ec0af52c494718204f15adac30ddd06713ff572c -SHA1 (patch-XSA-197-1) = 4d373d23cd7032cc505300d865b6eaa8e80e2290 -SHA1 (patch-XSA-197-2) = 3dc303f22d0744f64eb4552f4de10fc11f32bb01 -SHA1 (patch-XSA-198) = 5a61b6b4af265ba0b90d5750166924daafe554d7 -SHA1 (patch-XSA-199) = 481c740d36a5b8415275c4b1152bb7e2a45349a1 SHA1 (patch-configure) = a58d149de07613fb03444234278778a6a24b9b26 SHA1 (patch-console_daemon_utils.c) = 915078ce6155a367e3e597fa7ab551f6afac083f SHA1 (patch-examples_Makefile) = 5fe7bb876d254cf0c4f774ed0f08dcaea5b355ff diff --git a/sysutils/xentools46/patches/patch-XSA-197-1 b/sysutils/xentools46/patches/patch-XSA-197-1 deleted file mode 100644 index b41c894e000..00000000000 --- a/sysutils/xentools46/patches/patch-XSA-197-1 +++ /dev/null @@ -1,67 +0,0 @@ -$NetBSD: patch-XSA-197-1,v 1.1 2016/11/22 20:59:01 bouyer Exp $ - -From: Jan Beulich <jbeulich@suse.com> -Subject: xen: fix ioreq handling - -Avoid double fetches and bounds check size to avoid overflowing -internal variables. - -This is XSA-197. - -Reported-by: yanghongke <yanghongke@huawei.com> -Signed-off-by: Jan Beulich <jbeulich@suse.com> -Reviewed-by: Ian Jackson <ian.jackson@eu.citrix.com> - ---- qemu-xen-traditional/i386-dm/helper2.c.orig -+++ qemu-xen-traditional/i386-dm/helper2.c -@@ -375,6 +375,11 @@ static void cpu_ioreq_pio(CPUState *env, - { - uint32_t i; - -+ if (req->size > sizeof(unsigned long)) { -+ fprintf(stderr, "PIO: bad size (%u)\n", req->size); -+ exit(-1); -+ } -+ - if (req->dir == IOREQ_READ) { - if (!req->data_is_ptr) { - req->data = do_inp(env, req->addr, req->size); -@@ -404,6 +409,11 @@ static void cpu_ioreq_move(CPUState *env - { - uint32_t i; - -+ if (req->size > sizeof(req->data)) { -+ fprintf(stderr, "MMIO: bad size (%u)\n", req->size); -+ exit(-1); -+ } -+ - if (!req->data_is_ptr) { - if (req->dir == IOREQ_READ) { - for (i = 0; i < req->count; i++) { -@@ -516,11 +526,13 @@ static int __handle_buffered_iopage(CPUS - req.df = 1; - req.type = buf_req->type; - req.data_is_ptr = 0; -+ xen_rmb(); - qw = (req.size == 8); - if (qw) { - buf_req = &buffered_io_page->buf_ioreq[(rdptr + 1) % - IOREQ_BUFFER_SLOT_NUM]; - req.data |= ((uint64_t)buf_req->data) << 32; -+ xen_rmb(); - } - - __handle_ioreq(env, &req); -@@ -552,7 +564,11 @@ static void cpu_handle_ioreq(void *opaqu - - __handle_buffered_iopage(env); - if (req) { -- __handle_ioreq(env, req); -+ ioreq_t copy = *req; -+ -+ xen_rmb(); -+ __handle_ioreq(env, ©); -+ req->data = copy.data; - - if (req->state != STATE_IOREQ_INPROCESS) { - fprintf(logfile, "Badness in I/O request ... not in service?!: " diff --git a/sysutils/xentools46/patches/patch-XSA-197-2 b/sysutils/xentools46/patches/patch-XSA-197-2 deleted file mode 100644 index 70e65b2c6cb..00000000000 --- a/sysutils/xentools46/patches/patch-XSA-197-2 +++ /dev/null @@ -1,65 +0,0 @@ -$NetBSD: patch-XSA-197-2,v 1.1 2016/11/22 20:59:01 bouyer Exp $ - -From: Jan Beulich <jbeulich@suse.com> -Subject: xen: fix ioreq handling - -Avoid double fetches and bounds check size to avoid overflowing -internal variables. - -This is XSA-197. - -Reported-by: yanghongke <yanghongke@huawei.com> -Signed-off-by: Jan Beulich <jbeulich@suse.com> -Reviewed-by: Stefano Stabellini <sstabellini@kernel.org> - ---- qemu-xen/xen-hvm.c.orig -+++ qemu-xen/xen-hvm.c -@@ -817,6 +817,10 @@ static void cpu_ioreq_pio(ioreq_t *req) - { - uint32_t i; - -+ if (req->size > sizeof(uint32_t)) { -+ hw_error("PIO: bad size (%u)", req->size); -+ } -+ - if (req->dir == IOREQ_READ) { - if (!req->data_is_ptr) { - req->data = do_inp(req->addr, req->size); -@@ -846,6 +850,10 @@ static void cpu_ioreq_move(ioreq_t *req) - { - uint32_t i; - -+ if (req->size > sizeof(req->data)) { -+ hw_error("MMIO: bad size (%u)", req->size); -+ } -+ - if (!req->data_is_ptr) { - if (req->dir == IOREQ_READ) { - for (i = 0; i < req->count; i++) { -@@ -999,11 +1007,13 @@ static int handle_buffered_iopage(XenIOS - req.df = 1; - req.type = buf_req->type; - req.data_is_ptr = 0; -+ xen_rmb(); - qw = (req.size == 8); - if (qw) { - buf_req = &buf_page->buf_ioreq[(rdptr + 1) % - IOREQ_BUFFER_SLOT_NUM]; - req.data |= ((uint64_t)buf_req->data) << 32; -+ xen_rmb(); - } - - handle_ioreq(state, &req); -@@ -1034,7 +1044,11 @@ static void cpu_handle_ioreq(void *opaqu - - handle_buffered_iopage(state); - if (req) { -- handle_ioreq(state, req); -+ ioreq_t copy = *req; -+ -+ xen_rmb(); -+ handle_ioreq(state, ©); -+ req->data = copy.data; - - if (req->state != STATE_IOREQ_INPROCESS) { - fprintf(stderr, "Badness in I/O request ... not in service?!: " diff --git a/sysutils/xentools46/patches/patch-XSA-198 b/sysutils/xentools46/patches/patch-XSA-198 deleted file mode 100644 index 3795500b9ae..00000000000 --- a/sysutils/xentools46/patches/patch-XSA-198 +++ /dev/null @@ -1,64 +0,0 @@ -$NetBSD: patch-XSA-198,v 1.1 2016/11/22 20:59:01 bouyer Exp $ - -From 71a389ae940bc52bf897a6e5becd73fd8ede94c5 Mon Sep 17 00:00:00 2001 -From: Ian Jackson <ian.jackson@eu.citrix.com> -Date: Thu, 3 Nov 2016 16:37:40 +0000 -Subject: [PATCH] pygrub: Properly quote results, when returning them to the - caller: - -* When the caller wants sexpr output, use `repr()' - This is what Xend expects. - - The returned S-expressions are now escaped and quoted by Python, - generally using '...'. Previously kernel and ramdisk were unquoted - and args was quoted with "..." but without proper escaping. This - change may break toolstacks which do not properly dequote the - returned S-expressions. - -* When the caller wants "simple" output, crash if the delimiter is - contained in the returned value. - - With --output-format=simple it does not seem like this could ever - happen, because the bootloader config parsers all take line-based - input from the various bootloader config files. - - With --output-format=simple0, this can happen if the bootloader - config file contains nul bytes. - -This is XSA-198. - -Signed-off-by: Ian Jackson <Ian.Jackson@eu.citrix.com> -Tested-by: Ian Jackson <Ian.Jackson@eu.citrix.com> -Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com> ---- - tools/pygrub/src/pygrub | 9 ++++++--- - 1 file changed, 6 insertions(+), 3 deletions(-) - -diff --git a/tools/pygrub/src/pygrub b/tools/pygrub/src/pygrub -index 40f9584..dd0c8f7 100755 ---- pygrub/src/pygrub.orig -+++ pygrub/src/pygrub -@@ -721,14 +721,17 @@ def sniff_netware(fs, cfg): - return cfg - - def format_sxp(kernel, ramdisk, args): -- s = "linux (kernel %s)" % kernel -+ s = "linux (kernel %s)" % repr(kernel) - if ramdisk: -- s += "(ramdisk %s)" % ramdisk -+ s += "(ramdisk %s)" % repr(ramdisk) - if args: -- s += "(args \"%s\")" % args -+ s += "(args %s)" % repr(args) - return s - - def format_simple(kernel, ramdisk, args, sep): -+ for check in (kernel, ramdisk, args): -+ if check is not None and sep in check: -+ raise RuntimeError, "simple format cannot represent delimiter-containing value" - s = ("kernel %s" % kernel) + sep - if ramdisk: - s += ("ramdisk %s" % ramdisk) + sep --- -2.1.4 - diff --git a/sysutils/xentools46/patches/patch-XSA-199 b/sysutils/xentools46/patches/patch-XSA-199 deleted file mode 100644 index d91d01cd430..00000000000 --- a/sysutils/xentools46/patches/patch-XSA-199 +++ /dev/null @@ -1,90 +0,0 @@ -$NetBSD: patch-XSA-199,v 1.1 2016/12/20 10:22:29 bouyer Exp $ - -From b73bd1edc05d1bad5c018228146930d79315a5da Mon Sep 17 00:00:00 2001 -From: Ian Jackson <ian.jackson@eu.citrix.com> -Date: Mon, 14 Nov 2016 17:19:46 +0000 -Subject: [PATCH] qemu: ioport_read, ioport_write: be defensive about 32-bit - addresses - -On x86, ioport addresses are 16-bit. That these functions take 32-bit -arguments is a mistake. Changing the argument type to 16-bit will -discard the top bits of any erroneous values from elsewhere in qemu. - -Also, check just before use that the value is in range. (This turns -an ill-advised change to MAX_IOPORTS into a possible guest crash -rather than a privilege escalation vulnerability.) - -And, in the Xen ioreq processor, clamp incoming ioport addresses to -16-bit values. Xen will never write >16-bit values but the guest may -have access to the ioreq ring. We want to defend the rest of the qemu -code from wrong values. - -This is XSA-199. - -Reported-by: yanghongke <yanghongke@huawei.com> -Signed-off-by: Ian Jackson <Ian.Jackson@eu.citrix.com> ---- - i386-dm/helper2.c | 2 ++ - vl.c | 9 +++++++-- - 2 files changed, 9 insertions(+), 2 deletions(-) - -diff --git a/i386-dm/helper2.c b/i386-dm/helper2.c -index 2706f2e..5d276bb 100644 ---- qemu-xen-traditional/i386-dm/helper2.c.orig -+++ qemu-xen-traditional/i386-dm/helper2.c -@@ -375,6 +375,8 @@ static void cpu_ioreq_pio(CPUState *env, ioreq_t *req) - { - uint32_t i; - -+ req->addr &= 0x0ffffU; -+ - if (req->size > sizeof(unsigned long)) { - fprintf(stderr, "PIO: bad size (%u)\n", req->size); - exit(-1); -diff --git a/vl.c b/vl.c -index f9c4d7e..c3c5d63 100644 ---- qemu-xen-traditional/vl.c.orig -+++ qemu-xen-traditional/vl.c -@@ -52,6 +52,7 @@ - - #include <xen/hvm/hvm_info_table.h> - -+#include <assert.h> - #include <unistd.h> - #include <fcntl.h> - #include <signal.h> -@@ -290,26 +291,30 @@ PicState2 *isa_pic; - static IOPortReadFunc default_ioport_readb, default_ioport_readw, default_ioport_readl; - static IOPortWriteFunc default_ioport_writeb, default_ioport_writew, default_ioport_writel; - --static uint32_t ioport_read(int index, uint32_t address) -+static uint32_t ioport_read(int index, uint16_t address) - { - static IOPortReadFunc *default_func[3] = { - default_ioport_readb, - default_ioport_readw, - default_ioport_readl - }; -+ if (address >= MAX_IOPORTS) -+ abort(); - IOPortReadFunc *func = ioport_read_table[index][address]; - if (!func) - func = default_func[index]; - return func(ioport_opaque[address], address); - } - --static void ioport_write(int index, uint32_t address, uint32_t data) -+static void ioport_write(int index, uint16_t address, uint32_t data) - { - static IOPortWriteFunc *default_func[3] = { - default_ioport_writeb, - default_ioport_writew, - default_ioport_writel - }; -+ if (address >= MAX_IOPORTS) -+ abort(); - IOPortWriteFunc *func = ioport_write_table[index][address]; - if (!func) - func = default_func[index]; --- -2.1.4 diff --git a/sysutils/xentools46/version.mk b/sysutils/xentools46/version.mk index 896f20914c1..561e84a9e72 100644 --- a/sysutils/xentools46/version.mk +++ b/sysutils/xentools46/version.mk @@ -1,6 +1,6 @@ -# $NetBSD: version.mk,v 1.1 2017/01/04 16:37:29 sborrill Exp $ +# $NetBSD: version.mk,v 1.2 2017/03/20 18:17:13 bouyer Exp $ # # Version number is used by xentools46 and xenstoretools -VERSION= 4.6.3 +VERSION= 4.6.5 VERSION_IPXE= 9a93db3f0947484e30e753bbd61a10b17336e20e |