Date: Fri, 13 Mar 2015 09:43:41 +0000
From: "S.P.Zeidler"
Subject: CVS commit: pkgsrc/sysutils/xentools42
To: pkgsrc-changes@NetBSD.org
Reply-To: spz@netbsd.org
Message-Id: <20150313094341.B483698@cvs.netbsd.org>

Module Name:    pkgsrc
Committed By:   spz
Date:           Fri Mar 13 09:43:41 UTC 2015

Modified Files:
        pkgsrc/sysutils/xentools42: Makefile distinfo
Added Files:
        pkgsrc/sysutils/xentools42/patches: patch-CVE-2015-2152

Log Message:
xsa119-4.2.patch from upstream:

>From b6e327fde6c365086594e2b46edf435aa1671b1a Mon Sep 17 00:00:00 2001
From: Ian Campbell
Date: Fri, 20 Feb 2015 14:41:09 +0000
Subject: [PATCH] tools: libxl: Explicitly disable graphics backends on qemu cmdline

By default qemu will try to create some sort of backend for the
emulated VGA device, either SDL or VNC.

However when the user specifies sdl=0 and vnc=0 in their configuration
libxl was not explicitly disabling either backend, which could lead to
one unexpectedly running.

If either sdl=1 or vnc=1 is configured then both before and after this
change only the backends which are explicitly enabled are configured,
i.e. this issue only occurs when all backends are supposed to have
been disabled.

This affects qemu-xen and qemu-xen-traditional differently.

If qemu-xen was compiled with SDL support then this would result in an
SDL window being opened if $DISPLAY is valid, or a failure to start
the guest if not. Passing "-display none" to qemu before any further
-sdl options disables this default behaviour and ensures that SDL is
only started if the libxl configuration demands it.

If qemu-xen was compiled without SDL support then qemu would instead
start a VNC server listening on ::1 (IPv6 localhost) or 127.0.0.1
(IPv4 localhost) with IPv6 preferred if available. Explicitly pass
"-vnc none" when vnc is not enabled in the libxl configuration to
remove this possibility.

qemu-xen-traditional would never start a vnc backend unless asked.
However by default it will start an SDL backend, the way to disable
this is to pass a -vnc option. In other words passing "-vnc none" will
disable both vnc and sdl by default. sdl can then be reenabled if
configured by subsequent use of the -sdl option.

Tested with both qemu-xen and qemu-xen-traditional built with SDL
support and:
    xl cr # defaults
    xl cr sdl=0 vnc=0
    xl cr sdl=1 vnc=0
    xl cr sdl=0 vnc=1
    xl cr sdl=0 vnc=0 vga=\"none\"
    xl cr sdl=0 vnc=0 nographic=1
with both valid and invalid $DISPLAY.

This is XSA-119.

To generate a diff of this commit:
cvs rdiff -u -r1.25 -r1.26 pkgsrc/sysutils/xentools42/Makefile
cvs rdiff -u -r1.14 -r1.15 pkgsrc/sysutils/xentools42/distinfo
cvs rdiff -u -r0 -r1.1 pkgsrc/sysutils/xentools42/patches/patch-CVE-2015-2152

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
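
An added example, not part of the commit or of libxl: a small check that reads one qemu command line and reports whether the graphics backends are left to qemu's defaults in the way the log message above describes. The function name audit_qemu_args, the domain id and the guest name are assumptions, and the sample command lines are constructed.

```python
# Added example: audit a qemu argv against the XSA-119 log message above.
# Only -sdl, -vnc and "-display none" are inspected; other display-related
# options are outside what the log message describes.

def audit_qemu_args(argv, traditional=False):
    """Return (enabled backends, findings) for one qemu command line.

    traditional=False models qemu-xen, True models qemu-xen-traditional.
    """
    pairs = list(zip(argv, argv[1:]))          # (option, following word)
    vnc_values = [val for opt, val in pairs if opt == "-vnc"]
    display_none = ("-display", "none") in pairs

    enabled = set()
    if "-sdl" in argv:
        enabled.add("sdl")
    if any(val != "none" for val in vnc_values):
        enabled.add("vnc")

    findings = []
    # Per the log message, the issue only occurs when every backend is
    # supposed to be disabled, so an explicitly enabled backend ends the check.
    if enabled:
        return enabled, findings
    if "none" not in vnc_values:
        if traditional:
            findings.append("missing '-vnc none': SDL backend starts by default")
        else:
            findings.append("missing '-vnc none': a build without SDL starts "
                            "VNC on localhost")
    if not traditional and not display_none:
        findings.append("missing '-display none': a build with SDL opens a "
                        "window or fails to start the guest")
    return enabled, findings


# Constructed sample command lines (not captured from a real host).
BASE = ["qemu-system-i386", "-xen-domid", "5", "-name", "guest1"]
UNPATCHED_ALL_OFF = BASE                      # sdl=0 vnc=0 before the fix
PATCHED_ALL_OFF = BASE + ["-display", "none", "-vnc", "none"]
VNC_ENABLED = BASE + ["-vnc", "127.0.0.1:0"]  # vnc=1, unaffected either way

if __name__ == "__main__":
    for name, argv in [("unpatched", UNPATCHED_ALL_OFF),
                       ("patched", PATCHED_ALL_OFF),
                       ("vnc=1", VNC_ENABLED)]:
        print(name, audit_qemu_args(argv))
```

An empty findings list for a guest configured with sdl=0 and vnc=0 means both backends are disabled explicitly on the command line rather than by default.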