From 4ba11be8823ca946ee4cebf50fe68d780530eec4 Mon Sep 17 00:00:00 2001 From: drochner Date: Wed, 12 Sep 2012 11:09:32 +0000 Subject: update to 4.1.3 also add security patches from upstream changes: -fixes for vulnerabilities were integrated -many bug fixes and improvements, Highlights are: -Bug fixes and improvements to the libxl tool stack approved by maintainer --- sysutils/xentools41/Makefile | 3 +- sysutils/xentools41/distinfo | 12 +-- sysutils/xentools41/patches/patch-CVE-2012-3515 | 109 +++++++++++++++++++++ sysutils/xentools41/patches/patch-CVE-2012-4411 | 15 +++ .../xentools41/patches/patch-ocaml-include-path | 13 --- .../patches/patch-qemu-e1000-CVSE-2012-0029 | 45 --------- sysutils/xentools41/version.mk | 4 +- 7 files changed, 133 insertions(+), 68 deletions(-) create mode 100644 sysutils/xentools41/patches/patch-CVE-2012-3515 create mode 100644 sysutils/xentools41/patches/patch-CVE-2012-4411 delete mode 100644 sysutils/xentools41/patches/patch-ocaml-include-path delete mode 100644 sysutils/xentools41/patches/patch-qemu-e1000-CVSE-2012-0029 (limited to 'sysutils') diff --git a/sysutils/xentools41/Makefile b/sysutils/xentools41/Makefile index 9450766477d..5222bc4062a 100644 --- a/sysutils/xentools41/Makefile +++ b/sysutils/xentools41/Makefile @@ -1,11 +1,10 @@ -# $NetBSD: Makefile,v 1.20 2012/07/16 22:55:25 jym Exp $ +# $NetBSD: Makefile,v 1.21 2012/09/12 11:09:32 drochner Exp $ # # VERSION is set in version.mk as it is shared with other packages .include "version.mk" DISTNAME= xen-${VERSION} PKGNAME= xentools41-${VERSION} -PKGREVISION= 8 CATEGORIES= sysutils MASTER_SITES= http://bits.xensource.com/oss-xen/release/${VERSION}/ diff --git a/sysutils/xentools41/distinfo b/sysutils/xentools41/distinfo index 71fda93c4b4..6051f25fe7f 100644 --- a/sysutils/xentools41/distinfo +++ b/sysutils/xentools41/distinfo @@ -1,11 +1,13 @@ -$NetBSD: distinfo,v 1.21 2012/05/30 08:29:43 bouyer Exp $ +$NetBSD: distinfo,v 1.22 2012/09/12 11:09:32 drochner Exp $ SHA1 (ipxe-git-v1.0.0.tar.gz) = da052c8de5f3485fe0253c19cf52ed6d72528485 RMD160 (ipxe-git-v1.0.0.tar.gz) = dcd9b6eaafa1ce05c1ebf2a15f2f73ad7a8c5547 Size (ipxe-git-v1.0.0.tar.gz) = 1996881 bytes -SHA1 (xen-4.1.2.tar.gz) = db584cb0a0cc614888d7df3b196d514fdb2edd6e -RMD160 (xen-4.1.2.tar.gz) = 457797ec4be286afbbcad940a9ce04e44f3f40d6 -Size (xen-4.1.2.tar.gz) = 10365786 bytes +SHA1 (xen-4.1.3.tar.gz) = 0f688955262d08fba28361ca338f3ad0c0f53d74 +RMD160 (xen-4.1.3.tar.gz) = a6296a16579fd628a1ff2aa64b6b800e4913eeae +Size (xen-4.1.3.tar.gz) = 10382132 bytes +SHA1 (patch-CVE-2012-3515) = ab861e94a23e87f6e2f1338c9b7b2c61818a6943 +SHA1 (patch-CVE-2012-4411) = 4ede574c9d97a0553631ac94b48f2d7a5cb68628 SHA1 (patch-aa) = 9b53ba4a809dad7a1de34c8fa0dbe493d7256ada SHA1 (patch-ab) = 0906a5ec3a7450fc987b01289e2560e60966d00d SHA1 (patch-ac) = c3cc5335a1d6b066307c5f03fe72f513a9eb2bdb @@ -45,7 +47,5 @@ SHA1 (patch-ioemu-qemu-xen_hw_pt-msi.h) = d1bb1a8ad90d6577056f11df96f5469ffe74a3 SHA1 (patch-ioemu-qemu-xen_xen-hooks.mak) = a00d9a9fd0fbb9fd89788b9dfaf5b389a28d47e2 SHA1 (patch-libxl_libxl_create.c) = 02b661ca684609939c6ef762c0ddd1c5e62ad4d0 SHA1 (patch-libxl_libxl_internal.h) = e126e5e998117903f0c66cc370d350c504ed33d9 -SHA1 (patch-ocaml-include-path) = 959df25b0aae78d525b25f223190203d3c1185a6 -SHA1 (patch-qemu-e1000-CVSE-2012-0029) = 064ba74795e7a1ceb863d1f7bc171f3841c81b8a SHA1 (patch-qemu-phy-devices) = fef90e50ef0a58db2f2b49b6c23218f371791de5 SHA1 (patch-xenstore_Makefile) = 4fa0ed7b76a96011c3cca9c5017be4b5151489f7 diff --git a/sysutils/xentools41/patches/patch-CVE-2012-3515 b/sysutils/xentools41/patches/patch-CVE-2012-3515 new file mode 100644 index 00000000000..16571185088 --- /dev/null +++ b/sysutils/xentools41/patches/patch-CVE-2012-3515 @@ -0,0 +1,109 @@ +$NetBSD: patch-CVE-2012-3515,v 1.1 2012/09/12 11:09:32 drochner Exp $ + +see http://lists.xen.org/archives/html/xen-devel/2012-09/msg00199.html + +--- ioemu-qemu-xen/console.c.orig 2012-04-24 17:35:40.000000000 +0000 ++++ ioemu-qemu-xen/console.c +@@ -794,6 +794,26 @@ static void console_clear_xy(TextConsole + update_xy(s, x, y); + } + ++/* set cursor, checking bounds */ ++static void set_cursor(TextConsole *s, int x, int y) ++{ ++ if (x < 0) { ++ x = 0; ++ } ++ if (y < 0) { ++ y = 0; ++ } ++ if (y >= s->height) { ++ y = s->height - 1; ++ } ++ if (x >= s->width) { ++ x = s->width - 1; ++ } ++ ++ s->x = x; ++ s->y = y; ++} ++ + static void console_putchar(TextConsole *s, int ch) + { + TextCell *c; +@@ -869,7 +889,8 @@ static void console_putchar(TextConsole + s->esc_params[s->nb_esc_params] * 10 + ch - '0'; + } + } else { +- s->nb_esc_params++; ++ if (s->nb_esc_params < MAX_ESC_PARAMS) ++ s->nb_esc_params++; + if (ch == ';') + break; + #ifdef DEBUG_CONSOLE +@@ -883,59 +904,37 @@ static void console_putchar(TextConsole + if (s->esc_params[0] == 0) { + s->esc_params[0] = 1; + } +- s->y -= s->esc_params[0]; +- if (s->y < 0) { +- s->y = 0; +- } ++ set_cursor(s, s->x, s->y - s->esc_params[0]); + break; + case 'B': + /* move cursor down */ + if (s->esc_params[0] == 0) { + s->esc_params[0] = 1; + } +- s->y += s->esc_params[0]; +- if (s->y >= s->height) { +- s->y = s->height - 1; +- } ++ set_cursor(s, s->x, s->y + s->esc_params[0]); + break; + case 'C': + /* move cursor right */ + if (s->esc_params[0] == 0) { + s->esc_params[0] = 1; + } +- s->x += s->esc_params[0]; +- if (s->x >= s->width) { +- s->x = s->width - 1; +- } ++ set_cursor(s, s->x + s->esc_params[0], s->y); + break; + case 'D': + /* move cursor left */ + if (s->esc_params[0] == 0) { + s->esc_params[0] = 1; + } +- s->x -= s->esc_params[0]; +- if (s->x < 0) { +- s->x = 0; +- } ++ set_cursor(s, s->x - s->esc_params[0], s->y); + break; + case 'G': + /* move cursor to column */ +- s->x = s->esc_params[0] - 1; +- if (s->x < 0) { +- s->x = 0; +- } ++ set_cursor(s, s->esc_params[0] - 1, s->y); + break; + case 'f': + case 'H': + /* move cursor to row, column */ +- s->x = s->esc_params[1] - 1; +- if (s->x < 0) { +- s->x = 0; +- } +- s->y = s->esc_params[0] - 1; +- if (s->y < 0) { +- s->y = 0; +- } ++ set_cursor(s, s->esc_params[1] - 1, s->esc_params[0] - 1); + break; + case 'J': + switch (s->esc_params[0]) { diff --git a/sysutils/xentools41/patches/patch-CVE-2012-4411 b/sysutils/xentools41/patches/patch-CVE-2012-4411 new file mode 100644 index 00000000000..a92b78039f5 --- /dev/null +++ b/sysutils/xentools41/patches/patch-CVE-2012-4411 @@ -0,0 +1,15 @@ +$NetBSD: patch-CVE-2012-4411,v 1.1 2012/09/12 11:09:33 drochner Exp $ + +see http://lists.xen.org/archives/html/xen-devel/2012-09/msg00465.html + +--- ioemu-qemu-xen/vl.c.orig 2012-04-24 17:35:40.000000000 +0000 ++++ ioemu-qemu-xen/vl.c +@@ -4910,7 +4910,7 @@ int main(int argc, char **argv, char **e + kernel_cmdline = ""; + cyls = heads = secs = 0; + translation = BIOS_ATA_TRANSLATION_AUTO; +- monitor_device = "vc:80Cx24C"; ++ monitor_device = "null"; + + serial_devices[0] = "vc:80Cx24C"; + for(i = 1; i < MAX_SERIAL_PORTS; i++) diff --git a/sysutils/xentools41/patches/patch-ocaml-include-path b/sysutils/xentools41/patches/patch-ocaml-include-path deleted file mode 100644 index 68c6569b80b..00000000000 --- a/sysutils/xentools41/patches/patch-ocaml-include-path +++ /dev/null @@ -1,13 +0,0 @@ -$NetBSD: patch-ocaml-include-path,v 1.1 2011/10/28 11:31:30 bouyer Exp $ - ---- ocaml/common.make.orig 2011-10-28 13:22:47.000000000 +0200 -+++ ocaml/common.make 2011-10-28 13:23:28.000000000 +0200 -@@ -11,7 +11,7 @@ - CFLAGS += -fPIC -Werror - CFLAGS += -I$(TOPLEVEL)/../include -I$(TOPLEVEL)/../libxc -I$(TOPLEVEL)/../xenstore -I$(TOPLEVEL)/../libxl - CFLAGS-$(CONFIG_Linux) += -I$(shell ocamlc -where) --CFLAGS-$(CONFIG_NetBSD) += -I/usr/pkg/lib/ocaml -fPIC -+CFLAGS-$(CONFIG_NetBSD) += -I$(PREFIX)/lib/ocaml -fPIC - - OCAMLOPTFLAG_G := $(shell $(OCAMLOPT) -h 2>&1 | sed -n 's/^ *\(-g\) .*/\1/p') - OCAMLOPTFLAGS = $(OCAMLOPTFLAG_G) -ccopt "$(LDFLAGS)" -dtypes $(OCAMLINCLUDE) -cc $(CC) -w F -warn-error F diff --git a/sysutils/xentools41/patches/patch-qemu-e1000-CVSE-2012-0029 b/sysutils/xentools41/patches/patch-qemu-e1000-CVSE-2012-0029 deleted file mode 100644 index 6bd160103c8..00000000000 --- a/sysutils/xentools41/patches/patch-qemu-e1000-CVSE-2012-0029 +++ /dev/null @@ -1,45 +0,0 @@ -$NetBSD: patch-qemu-e1000-CVSE-2012-0029,v 1.1 2012/02/03 17:00:25 bouyer Exp $ - -From 3cf61880403b4e484539596a95937cc066243388 Mon Sep 17 00:00:00 2001 -From: Ian Campbell -Date: Thu, 2 Feb 2012 13:47:06 +0000 -Subject: [PATCH] e1000: bounds packet size against buffer size - -Otherwise we can write beyond the buffer and corrupt memory. This is tracked -as CVE-2012-0029. - -Signed-off-by: Anthony Liguori - -(Backported from qemu upstream 65f82df0d7a71ce1b10cd4c5ab08888d176ac840 - by Ian Campbell.) - -Signed-off-by: Ian Campbell -(cherry picked from commit ebe37b2a3f844bad02dcc30d081f39eda06118f8) ---- - hw/e1000.c | 3 +++ - 1 files changed, 3 insertions(+), 0 deletions(-) - -diff --git a/hw/e1000.c b/hw/e1000.c -index bb3689e..97104ed 100644 ---- ioemu-qemu-xen/hw/e1000.c.orig -+++ ioemu-qemu-xen/hw/e1000.c -@@ -444,6 +444,8 @@ process_tx_desc(E1000State *s, struct e1000_tx_desc *dp) - bytes = split_size; - if (tp->size + bytes > msh) - bytes = msh - tp->size; -+ -+ bytes = MIN(sizeof(tp->data) - tp->size, bytes); - cpu_physical_memory_read(addr, tp->data + tp->size, bytes); - if ((sz = tp->size + bytes) >= hdr && tp->size < hdr) - memmove(tp->header, tp->data, hdr); -@@ -459,6 +461,7 @@ process_tx_desc(E1000State *s, struct e1000_tx_desc *dp) - // context descriptor TSE is not set, while data descriptor TSE is set - DBGOUT(TXERR, "TCP segmentaion Error\n"); - } else { -+ split_size = MIN(sizeof(tp->data) - tp->size, split_size); - cpu_physical_memory_read(addr, tp->data + tp->size, split_size); - tp->size += split_size; - } --- -1.7.2.5 - diff --git a/sysutils/xentools41/version.mk b/sysutils/xentools41/version.mk index 86340910aee..732436dc946 100644 --- a/sysutils/xentools41/version.mk +++ b/sysutils/xentools41/version.mk @@ -1,5 +1,5 @@ -# $NetBSD: version.mk,v 1.2 2011/10/21 18:27:21 cegger Exp $ +# $NetBSD: version.mk,v 1.3 2012/09/12 11:09:32 drochner Exp $ # Version number is used by xentool41 and xenstoretools -VERSION= 4.1.2 +VERSION= 4.1.3 -- cgit v1.2.3