sysutils/xentools42: security patch
Revisions pulled up:
- sysutils/xentools42/Makefile 1.28
- sysutils/xentools42/distinfo 1.17
- sysutils/xentools42/patches/patch-CVE-2015-3456 1.1
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: khorben
Date: Fri Jun 5 18:41:18 UTC 2015
Modified Files:
pkgsrc/sysutils/xentools42: Makefile distinfo
Added Files:
pkgsrc/sysutils/xentools42/patches: patch-CVE-2015-3456
Log Message:
Apply fixes from upstream for XSA-133
XXX pull-ups
To generate a diff of this commit:
cvs rdiff -u -r1.27 -r1.28 pkgsrc/sysutils/xentools42/Makefile
cvs rdiff -u -r1.16 -r1.17 pkgsrc/sysutils/xentools42/distinfo
cvs rdiff -u -r0 -r1.1 pkgsrc/sysutils/xentools42/patches/patch-CVE-2015-3456
|
|
sysutils/xenkernel42: security patch
Revisions pulled up:
- sysutils/xenkernel42/Makefile 1.16
- sysutils/xenkernel42/distinfo 1.14
- sysutils/xenkernel42/patches/patch-CVE-2015-3456 1.1
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: khorben
Date: Fri Jun 5 18:18:41 UTC 2015
Modified Files:
pkgsrc/sysutils/xenkernel42: Makefile distinfo
Added Files:
pkgsrc/sysutils/xenkernel42/patches: patch-CVE-2015-3456
Log Message:
Apply fixes from upstream for XSA-133
XXX pull-ups
To generate a diff of this commit:
cvs rdiff -u -r1.15 -r1.16 pkgsrc/sysutils/xenkernel42/Makefile
cvs rdiff -u -r1.13 -r1.14 pkgsrc/sysutils/xenkernel42/distinfo
cvs rdiff -u -r0 -r1.1 \
pkgsrc/sysutils/xenkernel42/patches/patch-CVE-2015-3456
|
|
sysutils/xentools45: security patch
Revisions pulled up:
- sysutils/xentools45/Makefile 1.7
- sysutils/xentools45/distinfo 1.7
- sysutils/xentools45/patches/patch-CVE-2015-3456 1.1
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: khorben
Date: Fri Jun 5 18:15:42 UTC 2015
Modified Files:
pkgsrc/sysutils/xentools45: Makefile distinfo
Added Files:
pkgsrc/sysutils/xentools45/patches: patch-CVE-2015-3456
Log Message:
Apply fixes from upstream for XSA-133
The patch really belongs here rather than in sysutils/xenkernel45 (where
it is already applied).
To generate a diff of this commit:
cvs rdiff -u -r1.6 -r1.7 pkgsrc/sysutils/xentools45/Makefile \
pkgsrc/sysutils/xentools45/distinfo
cvs rdiff -u -r0 -r1.1 \
pkgsrc/sysutils/xentools45/patches/patch-CVE-2015-3456
|
|
sysutils/xenkernel45: security patch
Revisions pulled up:
- sysutils/xenkernel45/Makefile 1.8
- sysutils/xenkernel45/distinfo 1.7
- sysutils/xenkernel45/patches/patch-CVE-2015-3456 1.1
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: khorben
Date: Fri Jun 5 17:15:04 UTC 2015
Modified Files:
pkgsrc/sysutils/xenkernel45: Makefile distinfo
Added Files:
pkgsrc/sysutils/xenkernel45/patches: patch-CVE-2015-3456
Log Message:
Apply fixes from upstream for XSA-133
Privilege escalation via emulated floppy disk drive
The code in qemu which emulates a floppy disk controller did not
correctly bounds check accesses to an array and therefore was
vulnerable to a buffer overflow attack.
A guest which has access to an emulated floppy device can exploit this
vulnerability to take over the qemu process elevating its privilege to
that of the qemu process.
All Xen systems running x86 HVM guests without stubdomains are
vulnerable to this depending on the specific guest configuration. The
default configuration is vulnerable.
Guests using either the traditional "qemu-xen" or upstream qemu device
models are vulnerable.
Guests using a qemu-dm stubdomain to run the device model are only
vulnerable to takeover of that service domain.
Systems running only x86 PV guests are not vulnerable.
ARM systems are not vulnerable.
To generate a diff of this commit:
cvs rdiff -u -r1.7 -r1.8 pkgsrc/sysutils/xenkernel45/Makefile
cvs rdiff -u -r1.6 -r1.7 pkgsrc/sysutils/xenkernel45/distinfo
cvs rdiff -u -r0 -r1.1 pkgsrc/sysutils/xenkernel45/patches/patch-CVE-2015-3456
|
|
sysutils/file: security patch
Revisions pulled up:
- sysutils/file/Makefile 1.35
- sysutils/file/distinfo 1.23
- sysutils/file/patches/patch-src_softmagic.c 1.1
---
Module Name: pkgsrc
Committed By: bsiegert
Date: Sat May 23 13:11:07 UTC 2015
Modified Files:
pkgsrc/sysutils/file: Makefile distinfo
Added Files:
pkgsrc/sysutils/file/patches: patch-src_softmagic.c
Log Message:
SECURITY: add patch for denial-of-service vulnerability. From Matthias
Ferdinand via pkgsrc-users. Bump PKGREVISION.
|
|
sysutils/dvdisaster: build fix
Revisions pulled up:
- sysutils/dvdisaster/Makefile 1.32
- sysutils/dvdisaster/distinfo 1.8
- sysutils/dvdisaster/patches/patch-md5.c 1.1
- sysutils/dvdisaster/patches/patch-scripts_bash-based-configure 1.1
- sysutils/dvdisaster/patches/patch-tools_codec.c 1.1
- sysutils/dvdisaster/patches/patch-tools_decimate.c 1.1
- sysutils/dvdisaster/patches/patch-tools_memory.c 1.1
- sysutils/dvdisaster/patches/patch-tools_pngio.c 1.1
- sysutils/dvdisaster/patches/patch-tools_pngpack.c 1.1
---
Module Name: pkgsrc
Committed By: joerg
Date: Sun Apr 26 13:30:59 UTC 2015
Modified Files:
pkgsrc/sysutils/dvdisaster: Makefile distinfo
Added Files:
pkgsrc/sysutils/dvdisaster/patches: patch-md5.c
patch-scripts_bash-based-configure patch-tools_codec.c
patch-tools_decimate.c patch-tools_memory.c patch-tools_pngio.c
patch-tools_pngpack.c
Log Message:
Drop GCC check. Fix missing includes. Fix memset call. Bump revision.
|
|
sysutils/xenkernel45: security patch
Revisions pulled up:
- sysutils/xenkernel45/Makefile 1.7
- sysutils/xenkernel45/distinfo 1.6
- sysutils/xenkernel45/patches/patch-CVE-2015-2751 1.1
---
Module Name: pkgsrc
Committed By: spz
Date: Sun Apr 19 15:02:12 UTC 2015
Modified Files:
pkgsrc/sysutils/xenkernel45: Makefile distinfo
Added Files:
pkgsrc/sysutils/xenkernel45/patches: patch-CVE-2015-2751
Log Message:
adding upstream's patch for
XSA-127 Certain domctl operations may be abused to lock up the host
|
|
Pullup ticket #4698 - requested by spz
sysutils/xenkernel41: security patch
sysutils/xenkernel42: security patch
sysutils/xenkernel45: security patch
Revisions pulled up:
- sysutils/xenkernel41/Makefile 1.45
- sysutils/xenkernel41/distinfo 1.36
- sysutils/xenkernel41/patches/patch-CVE-2015-2752 1.1
- sysutils/xenkernel41/patches/patch-CVE-2015-2756 1.1
- sysutils/xenkernel42/Makefile 1.15
- sysutils/xenkernel42/distinfo 1.13
- sysutils/xenkernel42/patches/patch-CVE-2015-2752 1.1
- sysutils/xenkernel42/patches/patch-CVE-2015-2756 1.1
- sysutils/xenkernel45/Makefile 1.6
- sysutils/xenkernel45/distinfo 1.5
- sysutils/xenkernel45/patches/patch-CVE-2015-2752 1.1
- sysutils/xenkernel45/patches/patch-CVE-2015-2756 1.1
- sysutils/xentools41/Makefile 1.50
- sysutils/xentools41/distinfo 1.38
- sysutils/xentools41/patches/patch-CVE-2015-2752 1.1
- sysutils/xentools41/patches/patch-CVE-2015-2756 1.1
- sysutils/xentools42/Makefile 1.27
- sysutils/xentools42/distinfo 1.16
- sysutils/xentools42/patches/patch-CVE-2015-2752 1.1
- sysutils/xentools42/patches/patch-CVE-2015-2756 1.1
- sysutils/xentools45/Makefile 1.6
- sysutils/xentools45/distinfo 1.6
- sysutils/xentools45/patches/patch-CVE-2015-2752 1.1
- sysutils/xentools45/patches/patch-CVE-2015-2756 1.1
---
Module Name: pkgsrc
Committed By: spz
Date: Sun Apr 19 13:13:21 UTC 2015
Modified Files:
pkgsrc/sysutils/xenkernel41: Makefile distinfo
pkgsrc/sysutils/xenkernel42: Makefile distinfo
pkgsrc/sysutils/xenkernel45: Makefile distinfo
pkgsrc/sysutils/xentools41: Makefile distinfo
pkgsrc/sysutils/xentools42: Makefile distinfo
pkgsrc/sysutils/xentools45: Makefile distinfo
Added Files:
pkgsrc/sysutils/xenkernel41/patches: patch-CVE-2015-2752
patch-CVE-2015-2756
pkgsrc/sysutils/xenkernel42/patches: patch-CVE-2015-2752
patch-CVE-2015-2756
pkgsrc/sysutils/xenkernel45/patches: patch-CVE-2015-2752
patch-CVE-2015-2756
pkgsrc/sysutils/xentools41/patches: patch-CVE-2015-2752
patch-CVE-2015-2756
pkgsrc/sysutils/xentools42/patches: patch-CVE-2015-2752
patch-CVE-2015-2756
pkgsrc/sysutils/xentools45/patches: patch-CVE-2015-2752
patch-CVE-2015-2756
Log Message:
apply fixes from upstream for
XSA-125 Long latency MMIO mapping operations are not preemptible
XSA-126 Unmediated PCI command register access in qemu
|
|
sysutils/coreutils: build fix
Revisions pulled up:
- sysutils/coreutils/Makefile.common 1.10
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: manu
Date: Fri Apr 17 12:46:00 UTC 2015
Modified Files:
pkgsrc/sysutils/coreutils: Makefile.common
Log Message:
Allow GNU coreutils to be built as root
GNU coreutils's configure script will abort if run as root. Although
pkgsrc can do that step under an unprivileged user, there are still
situations, such as pkg_comp bulk builds, where the common usage is
to run as root. We therefore override configure's root check by setting
FORCE_UNSAFE_CONFIGURE in the environment.
To generate a diff of this commit:
cvs rdiff -u -r1.9 -r1.10 pkgsrc/sysutils/coreutils/Makefile.common
|
|
sysutils/coreutils - security fix
Revisions pulled up:
- sysutils/coreutils/Makefile 1.64
- sysutils/coreutils/distinfo 1.30
- sysutils/coreutils/patches/patch-lib_parse-datetime.c 1.1
---
Module Name: pkgsrc
Committed By: tnn
Date: Mon Apr 13 12:05:08 UTC 2015
Modified Files:
pkgsrc/sysutils/coreutils: Makefile distinfo
Added Files:
pkgsrc/sysutils/coreutils/patches: patch-lib_parse-datetime.c
Log Message:
Fix CVE-2014-9471 TZ parsing bug.
|
|
----------------
Documentation
*************
- Extend support to Python 3.4, deprecating Python 3.2.
- Issue #198: Mention Zake as a sophisticated kazoo mock testing library.
- Issue #181: Add documentation on basic logging setup.
|
|
(Apparently I added a comment to one of the new patches after creating
distinfo and testing. Thanks to joerg@ for pointing out the issue.)
|
|
While amanda-client 3.3 has been stable on NetBSD for a while, the
server code has apparently never worked. This commit adds several
patches:
- include sys/{types,time}.h so autoconf tape drive checks pass
- improve error messages when tape drive code is not compiled in
- avoid perl crash in report generation
These changes have been tested on NetBSD 6 kernel with NetBSD 5
userland, amd64 (for no good reason, but this was the machine with the
tape drive), dumping many machines and writing to LTO.
The first two patches are taken from an upstream patch committed to
the 3.3 branch due to this problem being reported. The third patch is
ad hoc based on perl debugging, and needs further investigation. (But
it's better to get a report without a header line than an empty mail
message.)
|
|
Add the following files (CPU family 6 model 3d, 3e and 3f):
000306d4-6
000306d4-7
000306e7-0
000306e7-2
000306e7-3
000306e7-5
000306e7-6
000306e7-7
000306f2-0
000306f2-1
000306f2-2
000306f2-3
000306f2-5
000306f2-6
|
|
Bugs fixed:
* restructure elf note printing to avoid repeated messages
* add note limit, suggested by Alexander Cherepanov
* Bail out on partial pread()'s (Alexander Cherepanov)
* Fix incorrect bounds check in file_printable (Alexander Cherepanov)
* PR/405: ignore SIGPIPE from uncompress programs
* change printable -> file_printable and use it in
more places for safety
* Fix for CVE-2014-9620.
|
|
We are carrying a patch for configure to include -li386 on i386/i486,
but the upstream script is missing the [] intended to match multiple
subfamilies, and hence does not match. This commit just adds in the
missing [], enabling compilation to succeed on i386, and not changing
anything on !i386.
|
|
it builds now, the resulting binary does not boot in qemu.
|
|
|
|
This stops "amtterm" from disconnecting repeatedly from the ME of a
Lenovo ThinkServer TS140.
|
|
Bump PKGREVISION.
|
|
Changes are too many to write here, please refer to CHANGELOG.md.
|
|
- needs gettext-lib as gettext support is enabled
|
|
Changes are too many to write here, please refer to:
https://github.com/guard/listen/releases.
|
|
This is a simple wrapper over the inotify Linux kernel subsystem
(http://en.wikipedia.org/wiki/Inotify) for monitoring changes to files
and directories.
It uses the FFI (http://wiki.github.com/ffi/ffi) gem to avoid having to
compile a C extension.
|
|
* Longer sleep (increase stability but won't affect runtime).
* Work around JRuby problem.
* Spec environment unset in parent is unset in parent when set in grandparent.
* Remove environment variables not in ENV that are in ProcessBuilder
environment.
* Remove unnecessary stringification of ENV keys MSP-11414
Unlike @environment, which is a generic Hash, ENV is guaranteed to be
<String, String>, so remove the keys #to_s calls for ENV.
|
|
By default qemu will try to create some sort of backend for the
emulated VGA device, either SDL or VNC.
However when the user specifies sdl=0 and vnc=0 in their configuration
libxl was not explicitly disabling either backend, which could lead to
one unexpectedly running.
If either sdl=1 or vnc=1 is configured then both before and after this
change only the backends which are explicitly enabled are configured,
i.e. this issue only occurs when all backends are supposed to have
been disabled.
This affects qemu-xen and qemu-xen-traditional differently.
If qemu-xen was compiled with SDL support then this would result in an
SDL window being opened if $DISPLAY is valid, or a failure to start
the guest if not. Passing "-display none" to qemu before any further
-sdl options disables this default behaviour and ensures that SDL is
only started if the libxl configuration demands it.
If qemu-xen was compiled without SDL support then qemu would instead
start a VNC server listening on ::1 (IPv6 localhost) or 127.0.0.1
(IPv4 localhost) with IPv6 preferred if available. Explicitly pass
"-vnc none" when vnc is not enabled in the libxl configuration to
remove this possibility.
qemu-xen-traditional would never start a vnc backend unless asked.
However by default it will start an SDL backend, the way to disable
this is to pass a -vnc option. In other words passing "-vnc none" will
disable both vnc and sdl by default. sdl can then be reenabled if
configured by subsequent use of the -sdl option.
Tested with both qemu-xen and qemu-xen-traditional built with SDL
support and:
xl cr # defaults
xl cr sdl=0 vnc=0
xl cr sdl=1 vnc=0
xl cr sdl=0 vnc=1
xl cr sdl=0 vnc=0 vga=\"none\"
xl cr sdl=0 vnc=0 nographic=1
with both valid and invalid $DISPLAY.
This is XSA-119.
|
|
From b6e327fde6c365086594e2b46edf435aa1671b1a Mon Sep 17 00:00:00 2001
From: Ian Campbell <ian.campbell@citrix.com>
Date: Fri, 20 Feb 2015 14:41:09 +0000
Subject: [PATCH] tools: libxl: Explicitly disable graphics backends on qemu
cmdline
By default qemu will try to create some sort of backend for the
emulated VGA device, either SDL or VNC.
However when the user specifies sdl=0 and vnc=0 in their configuration
libxl was not explicitly disabling either backend, which could lead to
one unexpectedly running.
If either sdl=1 or vnc=1 is configured then both before and after this
change only the backends which are explicitly enabled are configured,
i.e. this issue only occurs when all backends are supposed to have
been disabled.
This affects qemu-xen and qemu-xen-traditional differently.
If qemu-xen was compiled with SDL support then this would result in an
SDL window being opened if $DISPLAY is valid, or a failure to start
the guest if not. Passing "-display none" to qemu before any further
-sdl options disables this default behaviour and ensures that SDL is
only started if the libxl configuration demands it.
If qemu-xen was compiled without SDL support then qemu would instead
start a VNC server listening on ::1 (IPv6 localhost) or 127.0.0.1
(IPv4 localhost) with IPv6 preferred if available. Explicitly pass
"-vnc none" when vnc is not enabled in the libxl configuration to
remove this possibility.
qemu-xen-traditional would never start a vnc backend unless asked.
However by default it will start an SDL backend, the way to disable
this is to pass a -vnc option. In other words passing "-vnc none" will
disable both vnc and sdl by default. sdl can then be reenabled if
configured by subsequent use of the -sdl option.
Tested with both qemu-xen and qemu-xen-traditional built with SDL
support and:
xl cr # defaults
xl cr sdl=0 vnc=0
xl cr sdl=1 vnc=0
xl cr sdl=0 vnc=1
xl cr sdl=0 vnc=0 vga=\"none\"
xl cr sdl=0 vnc=0 nographic=1
with both valid and invalid $DISPLAY.
This is XSA-119.
|
|
Changelog is:
3.8.8 -> 3.8.9
- Add new directive "createolddir" and "nocreateolddir". These directives
can be used to create the directory specified by olddir with particular
"mode", "owner" and "group".
- Continue with rotation even when first log from logset is removed
during the rotation.
- Fix crash on BSD systems introduced in 3.8.8 caused by different qsort_r
function. Function qsort is now used instead.
- Fix potential buffer overflow in usage of strncat function.
- Fix compilation with musl-libc.
- Add experimental 'renamecopy' directive to allow 'olddir' on different
physical device. See the "man logrotate" for more information.
3.8.7 -> 3.8.8
- Add support for building using autotools/automake. Using "./autogen.sh",
"./configure" and "make" is now the preferred way to build logrotate.
Old Makefile remains available, but it is deprecated and will be removed
in the future. Please report any problem related to new build system.
- Add support for systems which do not support fork (use vfork instead)
and madvise.
- Fix bug when wrong log file has been removed in case of dateext and
dateformat %d-%m-%Y.
- Do not expect that the name of root account is 'root'.
- Do not stop rotation with an error when olddir and log file
are on different devices and copy or copytruncate is used.
- Return an error code when parent directory of log does not exist,
"su" directive is not used, logrotate is running as root and missingok
is not specified. [vcizek]
- Prepend error printed by compression program with the log name even when
the compression program exits with zero exit code.
pkgsrc change: took over maintainership.
|