add patches to XSAs 178 and 180 from upstream

add an initialization for a pointer where the compiler doesn't
recognize it being assigned by posix_memalign (trivial compile fix)
spz 2016-08-06 12:41:36 +00:00
parent 416e71290b
commit 3809b50afc
5 changed files with 1418 additions and 3 deletions


@ -1,7 +1,7 @@
# $NetBSD: Makefile,v 1.36 2016/07/09 13:04:08 wiz Exp $
# $NetBSD: Makefile,v 1.37 2016/08/06 12:41:36 spz Exp $
VERSION= 4.5.3
PKGREVISION= 2
PKGREVISION= 3
VERSION_IPXE= 9a93db3f0947484e30e753bbd61a10b17336e20e
DISTNAME= xen-${VERSION}


@ -1,4 +1,4 @@
$NetBSD: distinfo,v 1.24 2016/05/21 20:11:21 bad Exp $
$NetBSD: distinfo,v 1.25 2016/08/06 12:41:36 spz Exp $
SHA1 (ipxe-git-9a93db3f0947484e30e753bbd61a10b17336e20e.tar.gz) = fecadf952821e830ce1a1d19655288eef8488f88
RMD160 (ipxe-git-9a93db3f0947484e30e753bbd61a10b17336e20e.tar.gz) = 539bfa12db7054228250d6dd380bbf96c1a040f8
@ -20,7 +20,9 @@ SHA1 (patch-.._docs_man_xlcpupool.cfg.pod.5) = b44813af965e4d9d0d51c18b22d286736
SHA1 (patch-.._docs_misc_xl-disk-configuration.txt) = 5b59cfc2569d1a4c10d6c0fcb98ed35278723b79
SHA1 (patch-Makefile) = eb5d3211b26c5f10a24fcca658c83d5f60990d9f
SHA1 (patch-Rules.mk) = e0dc4234c35dc2d78afad4a90b0af829a6a10b50
SHA1 (patch-XSA-178) = 5cb68dd7d82f537e9a9d0417cc79e8cafeb05ac2
SHA1 (patch-XSA-179) = b73d44757651efe4b8df27cedd7f9827f3d6a6ca
SHA1 (patch-XSA-180) = 58a93dec38792a36bca74123444eb72fafe158a3
SHA1 (patch-blktap_drivers_Makefile) = 7cc53b2a0dea1694a969046ab8542271ca63f9e7
SHA1 (patch-configure) = 97fa4274e425984d593cd93aea36edc681462b88
SHA1 (patch-console_daemon_utils.c) = 915078ce6155a367e3e597fa7ab551f6afac083f
@ -65,4 +67,5 @@ SHA1 (patch-qemu-xen_audio_audio.c) = 8452d63fe90e38a64111d0cf425bacd565fe6d82
SHA1 (patch-qemu-xen_qemu-doc.texi) = 721e80d15ac30ac71df3d6c4c485b0bf70897cf9
SHA1 (patch-qemu-xen_util_hbitmap.c) = 5a495ae2b47d1ff6dd342633b8d655582f21dffe
SHA1 (patch-qemu-xen_xen-hvm.c) = 11d4deb5de577e8beb2d1c6c3ca886e3d7563f8a
SHA1 (patch-xenpaging_xenpaging.c) = 3faaa93ae6e1a0debdadf2e520f0f2781ee2ae10
SHA1 (patch-xenstore_xc.c) = 51b39e9929062e72d0ff85f0ee6d13a6ac04ac65



@ -0,0 +1,66 @@
$NetBSD: patch-XSA-180,v 1.1 2016/08/06 12:41:36 spz Exp $
patch for XSA-180 from upstream
--- qemu-xen-traditional/vl.c.orig 2016-01-04 15:36:03.000000000 +0000
+++ qemu-xen-traditional/vl.c
@@ -3753,6 +3753,50 @@ static void host_main_loop_wait(int *tim
}
#endif
+static void check_cve_2014_3672_xen(void)
+{
+ static unsigned long limit = ~0UL;
+ const int fd = 2;
+ struct stat stab;
+
+ if (limit == ~0UL) {
+ const char *s = getenv("XEN_QEMU_CONSOLE_LIMIT");
+ /* XEN_QEMU_CONSOLE_LIMIT=0 means no limit */
+ limit = s ? strtoul(s,0,0) : 1*1024*1024;
+ }
+ if (limit == 0)
+ return;
+
+ int r = fstat(fd, &stab);
+ if (r) {
+ perror("fstat stderr (for CVE-2014-3672 check)");
+ exit(-1);
+ }
+ if (!S_ISREG(stab.st_mode))
+ return;
+ if (stab.st_size <= limit)
+ return;
+
+ /* oh dear */
+ fprintf(stderr,"\r\n"
+ "Closing stderr due to CVE-2014-3672 limit. "
+ " Set XEN_QEMU_CONSOLE_LIMIT to number of bytes to override,"
+ " or 0 for no limit.\n");
+ fflush(stderr);
+
+ int nfd = open("/dev/null", O_WRONLY);
+ if (nfd < 0) {
+ perror("open /dev/null (for CVE-2014-3672 check)");
+ exit(-1);
+ }
+ r = dup2(nfd, fd);
+ if (r != fd) {
+ perror("dup2 /dev/null (for CVE-2014-3672 check)");
+ exit(-1);
+ }
+ close(nfd);
+}
+
void main_loop_wait(int timeout)
{
IOHandlerRecord *ioh;
@@ -3762,6 +3806,8 @@ void main_loop_wait(int timeout)
qemu_bh_update_timeout(&timeout);
+ check_cve_2014_3672_xen();
+
host_main_loop_wait(&timeout);
/* poll any events */
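Review bot: In `check_cve_2014_3672_xen`, the line `limit = s ? strtoul(s,0,0) : 1*1024*1024;` parses XEN_QEMU_CONSOLE_LIMIT without an end pointer, so a value that is not a number (a typo, an empty string) yields 0, which the comment just above defines as "no limit", and the stderr size cap is then silently switched off. Falling back to the default on a parse failure keeps the check failing closed: `char *end; limit = s ? strtoul(s, &end, 0) : 1*1024*1024;` followed by `if (s && (end == s || *end != '\0')) limit = 1*1024*1024;`. An out-of-range value makes strtoul return ULONG_MAX, which equals the `~0UL` sentinel, so the environment variable would be re-read on every call from main_loop_wait; that looks harmless but deserves a comment. Because this file is imported from the upstream advisory patch, the change may be better raised upstream than carried as a local deviation.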


@ -0,0 +1,14 @@
$NetBSD: patch-xenpaging_xenpaging.c,v 1.1 2016/08/06 12:41:36 spz Exp $
--- xenpaging/xenpaging.c.orig 2016-03-23 13:57:27.000000000 +0000
+++ xenpaging/xenpaging.c
@@ -184,6 +184,9 @@ static void *init_page(void)
{
void *buffer;
+ buffer = NULL; /* shut up compiler about uninitialized use:
+ * posix_memalign initializes it */
+
/* Allocated page memory */
errno = posix_memalign(&buffer, PAGE_SIZE, PAGE_SIZE);
if ( errno != 0 )
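Review bot: The added comment in `init_page` says posix_memalign initializes `buffer`, but that holds only when the call succeeds; after a failure the pointer's value should not be relied on, so the NULL initialization does real work rather than merely silencing the compiler. Consider folding it into the declaration, `void *buffer = NULL; /* posix_memalign sets this only on success */`, which also removes the statement sitting between the declaration and the allocation. The body of init_page continues past the end of this hunk, so whether the error path touches `buffer` is not visible here.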