Fri Apr 19 14:03:52 2013 UTC ()
Add patch from Xen security advisory:
http://lists.xen.org/archives/html/xen-announce/2013-02/msg00005.html


(bouyer)
diff -r1.30 -r1.31 pkgsrc/sysutils/xentools41/Makefile
diff -r1.27 -r1.28 pkgsrc/sysutils/xentools41/distinfo
diff -r0 -r1.1 pkgsrc/sysutils/xentools41/patches/patch-CVE-2013-0215-1
diff -r0 -r1.1 pkgsrc/sysutils/xentools41/patches/patch-CVE-2013-0215-2
cvs diff -r1.30 -r1.31 pkgsrc/sysutils/xentools41/Attic/Makefile (expand / switch to unified diff)

--- pkgsrc/sysutils/xentools41/Attic/Makefile 2013/04/11 19:57:53 1.30
+++ pkgsrc/sysutils/xentools41/Attic/Makefile 2013/04/19 14:03:51 1.31
@@ -1,21 +1,21 @@ @@ -1,21 +1,21 @@
1# $NetBSD: Makefile,v 1.30 2013/04/11 19:57:53 joerg Exp $ 1# $NetBSD: Makefile,v 1.31 2013/04/19 14:03:51 bouyer Exp $
2# 2#
3# VERSION is set in version.mk as it is shared with other packages 3# VERSION is set in version.mk as it is shared with other packages
4.include "version.mk" 4.include "version.mk"
5 5
6DISTNAME= xen-${VERSION} 6DISTNAME= xen-${VERSION}
7PKGNAME= xentools41-${VERSION} 7PKGNAME= xentools41-${VERSION}
8PKGREVISION= 3 8PKGREVISION= 4
9CATEGORIES= sysutils 9CATEGORIES= sysutils
10MASTER_SITES= http://bits.xensource.com/oss-xen/release/${VERSION}/ 10MASTER_SITES= http://bits.xensource.com/oss-xen/release/${VERSION}/
11 11
12DISTFILES= ${DISTNAME}.tar.gz 12DISTFILES= ${DISTNAME}.tar.gz
13DISTFILES+= ipxe-git-v1.0.0.tar.gz 13DISTFILES+= ipxe-git-v1.0.0.tar.gz
14SITES.ipxe-git-v1.0.0.tar.gz += http://xenbits.xensource.com/xen-extfiles/ 14SITES.ipxe-git-v1.0.0.tar.gz += http://xenbits.xensource.com/xen-extfiles/
15 15
16MAINTAINER= cegger@NetBSD.org 16MAINTAINER= cegger@NetBSD.org
17HOMEPAGE= http://xen.org/ 17HOMEPAGE= http://xen.org/
18COMMENT= Userland Tools for Xen 4.1.x 18COMMENT= Userland Tools for Xen 4.1.x
19 19
20LICENSE= gnu-gpl-v2 20LICENSE= gnu-gpl-v2
21 21
cvs diff -r1.27 -r1.28 pkgsrc/sysutils/xentools41/Attic/distinfo (expand / switch to unified diff)

--- pkgsrc/sysutils/xentools41/Attic/distinfo 2013/04/11 19:57:53 1.27
+++ pkgsrc/sysutils/xentools41/Attic/distinfo 2013/04/19 14:03:51 1.28
@@ -1,26 +1,28 @@ @@ -1,26 +1,28 @@
1$NetBSD: distinfo,v 1.27 2013/04/11 19:57:53 joerg Exp $ 1$NetBSD: distinfo,v 1.28 2013/04/19 14:03:51 bouyer Exp $
2 2
3SHA1 (ipxe-git-v1.0.0.tar.gz) = da052c8de5f3485fe0253c19cf52ed6d72528485 3SHA1 (ipxe-git-v1.0.0.tar.gz) = da052c8de5f3485fe0253c19cf52ed6d72528485
4RMD160 (ipxe-git-v1.0.0.tar.gz) = dcd9b6eaafa1ce05c1ebf2a15f2f73ad7a8c5547 4RMD160 (ipxe-git-v1.0.0.tar.gz) = dcd9b6eaafa1ce05c1ebf2a15f2f73ad7a8c5547
5Size (ipxe-git-v1.0.0.tar.gz) = 1996881 bytes 5Size (ipxe-git-v1.0.0.tar.gz) = 1996881 bytes
6SHA1 (xen-4.1.4.tar.gz) = d5f1e9c9eeb96202dd827c196750530ffc64baab 6SHA1 (xen-4.1.4.tar.gz) = d5f1e9c9eeb96202dd827c196750530ffc64baab
7RMD160 (xen-4.1.4.tar.gz) = e3cb379954c985354dfd7dfbed15eae43e73254d 7RMD160 (xen-4.1.4.tar.gz) = e3cb379954c985354dfd7dfbed15eae43e73254d
8Size (xen-4.1.4.tar.gz) = 10387283 bytes 8Size (xen-4.1.4.tar.gz) = 10387283 bytes
9SHA1 (patch-.._.._ipxe_src_arch_i386_include_librm.h) = 4549ac641b112321b4731a918d85219c3fce6808 9SHA1 (patch-.._.._ipxe_src_arch_i386_include_librm.h) = 4549ac641b112321b4731a918d85219c3fce6808
10SHA1 (patch-.._.._ipxe_src_core_settings.c) = 240ff973757403b983f12b2cbed826584c4a8aba 10SHA1 (patch-.._.._ipxe_src_core_settings.c) = 240ff973757403b983f12b2cbed826584c4a8aba
11SHA1 (patch-.._.._ipxe_src_net_tls.c) = c0cfbc2ab2b92c659c146601c4f80d58c951ca62 11SHA1 (patch-.._.._ipxe_src_net_tls.c) = c0cfbc2ab2b92c659c146601c4f80d58c951ca62
12SHA1 (patch-.._Config.mk) = 9b971a41f67bb3974d3a4459bb9d96fbbd636c96 12SHA1 (patch-.._Config.mk) = 9b971a41f67bb3974d3a4459bb9d96fbbd636c96
13SHA1 (patch-CVE-2012-6075) = 9de84238489875d94245d4f6ce3689629bb318ee 13SHA1 (patch-CVE-2012-6075) = 9de84238489875d94245d4f6ce3689629bb318ee
 14SHA1 (patch-CVE-2013-0215-1) = 61149c756c6b9314980368cadb09437c64205199
 15SHA1 (patch-CVE-2013-0215-2) = 44a86ef7fa85a212fda95e73ef8aefb98af1cc39
14SHA1 (patch-aa) = 9b53ba4a809dad7a1de34c8fa0dbe493d7256ada 16SHA1 (patch-aa) = 9b53ba4a809dad7a1de34c8fa0dbe493d7256ada
15SHA1 (patch-ab) = 0906a5ec3a7450fc987b01289e2560e60966d00d 17SHA1 (patch-ab) = 0906a5ec3a7450fc987b01289e2560e60966d00d
16SHA1 (patch-ac) = c3cc5335a1d6b066307c5f03fe72f513a9eb2bdb 18SHA1 (patch-ac) = c3cc5335a1d6b066307c5f03fe72f513a9eb2bdb
17SHA1 (patch-ad) = 5eb15470bff85d30b6d26d8fe094f59fc8e34175 19SHA1 (patch-ad) = 5eb15470bff85d30b6d26d8fe094f59fc8e34175
18SHA1 (patch-ae) = 400bd6cac23af1e75f45c3e4e88e3130a3517129 20SHA1 (patch-ae) = 400bd6cac23af1e75f45c3e4e88e3130a3517129
19SHA1 (patch-af) = e866e7d96766b735a53432350275810803eeb510 21SHA1 (patch-af) = e866e7d96766b735a53432350275810803eeb510
20SHA1 (patch-ag) = 90893326dcce4e3e2ef273f22ec5ddf5af0f7cd8 22SHA1 (patch-ag) = 90893326dcce4e3e2ef273f22ec5ddf5af0f7cd8
21SHA1 (patch-ah) = ab91c41ef6bbdd7f7f3d992b9f81e43056a765e2 23SHA1 (patch-ah) = ab91c41ef6bbdd7f7f3d992b9f81e43056a765e2
22SHA1 (patch-ai) = 8da6bba38bd7677ea829ca35058f7d2d1d7acad4 24SHA1 (patch-ai) = 8da6bba38bd7677ea829ca35058f7d2d1d7acad4
23SHA1 (patch-aj) = d0999d8dcbc1eef4de7037db0e54dcd8d2f706eb 25SHA1 (patch-aj) = d0999d8dcbc1eef4de7037db0e54dcd8d2f706eb
24SHA1 (patch-ak) = 722a6b0541b036d84c703037134e25bc47f3eb65 26SHA1 (patch-ak) = 722a6b0541b036d84c703037134e25bc47f3eb65
25SHA1 (patch-al) = d9a310c16db708dd86170a13946f87e4cd21eb7a 27SHA1 (patch-al) = d9a310c16db708dd86170a13946f87e4cd21eb7a
26SHA1 (patch-ba) = 2c65e4b4b85e91e92dfb3aa402ebc44694bdff06 28SHA1 (patch-ba) = 2c65e4b4b85e91e92dfb3aa402ebc44694bdff06
@@ -31,29 +33,27 @@ SHA1 (patch-cb) = 5563a72e203e789a86f416 @@ -31,29 +33,27 @@ SHA1 (patch-cb) = 5563a72e203e789a86f416
31SHA1 (patch-cc) = 24d71f68a93b59bd5c5441c257d34862e7302040 33SHA1 (patch-cc) = 24d71f68a93b59bd5c5441c257d34862e7302040
32SHA1 (patch-cd) = 7b25b3b3a8d58effae395d776f2a4b94d79acfcb 34SHA1 (patch-cd) = 7b25b3b3a8d58effae395d776f2a4b94d79acfcb
33SHA1 (patch-ce) = 613f4c4605af860e5f88b68c49a0e7870ba6ecde 35SHA1 (patch-ce) = 613f4c4605af860e5f88b68c49a0e7870ba6ecde
34SHA1 (patch-cf) = c8740b1c9cfac686f2e4e32c7613b5f02206459d 36SHA1 (patch-cf) = c8740b1c9cfac686f2e4e32c7613b5f02206459d
35SHA1 (patch-cg) = 119029fda1d4ecee90d0a108151596cb3ef0ec74 37SHA1 (patch-cg) = 119029fda1d4ecee90d0a108151596cb3ef0ec74
36SHA1 (patch-ch) = 84e816c95167828314ef901e324772249a407c41 38SHA1 (patch-ch) = 84e816c95167828314ef901e324772249a407c41
37SHA1 (patch-config_StdGNU.mk) = bbded4d6da3fae55bfd8dad42ac9b45721ee1ebe 39SHA1 (patch-config_StdGNU.mk) = bbded4d6da3fae55bfd8dad42ac9b45721ee1ebe
38SHA1 (patch-da) = 1a7ecd9536340deac2945786b9faae55680525ca 40SHA1 (patch-da) = 1a7ecd9536340deac2945786b9faae55680525ca
39SHA1 (patch-db) = 4766f9925462023332793bcea4321072758e289d 41SHA1 (patch-db) = 4766f9925462023332793bcea4321072758e289d
40SHA1 (patch-dc) = d860fe3725978227278d58f09e7d5157001e463e 42SHA1 (patch-dc) = d860fe3725978227278d58f09e7d5157001e463e
41SHA1 (patch-dd) = e66d9cc0028ba922b050fc142862b4095cd018f3 43SHA1 (patch-dd) = e66d9cc0028ba922b050fc142862b4095cd018f3
42SHA1 (patch-de) = fae94b61a430a1a7dd98c9a6a04e4513824c6d8d 44SHA1 (patch-de) = fae94b61a430a1a7dd98c9a6a04e4513824c6d8d
43SHA1 (patch-df) = d20bf9d3fd05f5334f77c9154bf0fb9944c1292c 45SHA1 (patch-df) = d20bf9d3fd05f5334f77c9154bf0fb9944c1292c
44SHA1 (patch-examples_Makefile) = da39a3ee5e6b4b0d3255bfef95601890afd80709 
45SHA1 (patch-firmware_hvmloader_Makefile) = b2914e4988ba004d45403d67f1580b1f9725d006 46SHA1 (patch-firmware_hvmloader_Makefile) = b2914e4988ba004d45403d67f1580b1f9725d006
46SHA1 (patch-hotplug_common_Makefile) = da39a3ee5e6b4b0d3255bfef95601890afd80709 
47SHA1 (patch-ioemu-qemu-xen_hw_pass-through.c) = 76185c239078f29cb42b953d6c2cd1f59e240989 47SHA1 (patch-ioemu-qemu-xen_hw_pass-through.c) = 76185c239078f29cb42b953d6c2cd1f59e240989
48SHA1 (patch-ioemu-qemu-xen_hw_pass-through.h) = 98c26798d1ad99d3eee8b33deb08f747c958c886 48SHA1 (patch-ioemu-qemu-xen_hw_pass-through.h) = 98c26798d1ad99d3eee8b33deb08f747c958c886
49SHA1 (patch-ioemu-qemu-xen_hw_piix4acpi.c) = ca19457e9bde2d844a86a866960ac6de1f3d084c 49SHA1 (patch-ioemu-qemu-xen_hw_piix4acpi.c) = ca19457e9bde2d844a86a866960ac6de1f3d084c
50SHA1 (patch-ioemu-qemu-xen_hw_pt-graphics.c) = 3c03404f1d711c667559a1332e717a5f1b5ceda8 50SHA1 (patch-ioemu-qemu-xen_hw_pt-graphics.c) = 3c03404f1d711c667559a1332e717a5f1b5ceda8
51SHA1 (patch-ioemu-qemu-xen_hw_pt-msi.c) = 2dcebc65f591988bb95dea74c3b21f7066154a9f 51SHA1 (patch-ioemu-qemu-xen_hw_pt-msi.c) = 2dcebc65f591988bb95dea74c3b21f7066154a9f
52SHA1 (patch-ioemu-qemu-xen_hw_pt-msi.h) = d1bb1a8ad90d6577056f11df96f5469ffe74a3b0 52SHA1 (patch-ioemu-qemu-xen_hw_pt-msi.h) = d1bb1a8ad90d6577056f11df96f5469ffe74a3b0
53SHA1 (patch-ioemu-qemu-xen_xen-hooks.mak) = a00d9a9fd0fbb9fd89788b9dfaf5b389a28d47e2 53SHA1 (patch-ioemu-qemu-xen_xen-hooks.mak) = a00d9a9fd0fbb9fd89788b9dfaf5b389a28d47e2
54SHA1 (patch-libcx_xc__dom__boot.c) = 0507c2d7fe194f2d11a367fb1840b5d36da66cb1 54SHA1 (patch-libcx_xc__dom__boot.c) = 0507c2d7fe194f2d11a367fb1840b5d36da66cb1
55SHA1 (patch-libxl_libxl_create.c) = 02b661ca684609939c6ef762c0ddd1c5e62ad4d0 55SHA1 (patch-libxl_libxl_create.c) = 02b661ca684609939c6ef762c0ddd1c5e62ad4d0
56SHA1 (patch-libxl_libxl_internal.h) = e126e5e998117903f0c66cc370d350c504ed33d9 56SHA1 (patch-libxl_libxl_internal.h) = e126e5e998117903f0c66cc370d350c504ed33d9
57SHA1 (patch-ocaml_Makefile.rules) = 104f9d40186e5e4ca6a2e6359bbb369c3c91d1dc 57SHA1 (patch-ocaml_Makefile.rules) = 104f9d40186e5e4ca6a2e6359bbb369c3c91d1dc
58SHA1 (patch-ocaml_common.make) = c59d32301198d65691ab23529dd791de5ac40199 58SHA1 (patch-ocaml_common.make) = c59d32301198d65691ab23529dd791de5ac40199
59SHA1 (patch-ocaml_xenstored_define.ml) = f44841625554ceba6e83dbb41f688993c2a8d9a2 59SHA1 (patch-ocaml_xenstored_define.ml) = f44841625554ceba6e83dbb41f688993c2a8d9a2
File Added: pkgsrc/sysutils/xentools41/patches/Attic/patch-CVE-2013-0215-1
$NetBSD: patch-CVE-2013-0215-1,v 1.1 2013/04/19 14:03:51 bouyer Exp $

http://lists.xen.org/archives/html/xen-announce/2013-02/msg00005.html

--- ocaml/libs/xb/partial.ml.orig
+++ ocaml/libs/xb/partial.ml
@@ -27,8 +27,15 @@ external header_size: unit -> int = "stub_header_size"
 external header_of_string_internal: string -> int * int * int * int
          = "stub_header_of_string"
 
+let xenstore_payload_max = 4096 (* xen/include/public/io/xs_wire.h *)
+
 let of_string s =
 	let tid, rid, opint, dlen = header_of_string_internal s in
+	(* A packet which is bigger than xenstore_payload_max is illegal.
+	   This will leave the guest connection is a bad state and will
+	   be hard to recover from without restarting the connection
+	   (ie rebooting the guest) *)
+	let dlen = min xenstore_payload_max dlen in
 	{
 		tid = tid;
 		rid = rid;
@@ -38,6 +45,7 @@ let of_string s =
 	}
 
 let append pkt s sz =
+	if pkt.len > 4096 then failwith "Buffer.add: cannot grow buffer";
 	Buffer.add_string pkt.buf (String.sub s 0 sz)
 
 let to_complete pkt =
File Added: pkgsrc/sysutils/xentools41/patches/Attic/patch-CVE-2013-0215-2
$NetBSD: patch-CVE-2013-0215-2,v 1.1 2013/04/19 14:03:52 bouyer Exp $

http://lists.xen.org/archives/html/xen-announce/2013-02/msg00005.html

--- ocaml/libs/xb/xs_ring_stubs.c.orig
+++ ocaml/libs/xb/xs_ring_stubs.c
@@ -39,21 +39,23 @@ static int xs_ring_read(struct mmap_interface *interface,
                              char *buffer, int len)
 {
 	struct xenstore_domain_interface *intf = interface->addr;
-	XENSTORE_RING_IDX cons, prod;
+	XENSTORE_RING_IDX cons, prod; /* offsets only */
 	int to_read;
 
-	cons = intf->req_cons;
-	prod = intf->req_prod;
+	cons = *(volatile uint32*)&intf->req_cons;
+	prod = *(volatile uint32*)&intf->req_prod;
 	xen_mb();
 	if (prod == cons)
 		return 0;
-	if (MASK_XENSTORE_IDX(prod) > MASK_XENSTORE_IDX(cons)) 
+	cons = MASK_XENSTORE_IDX(cons);
+	prod = MASK_XENSTORE_IDX(prod);
+	if (prod > cons)
 		to_read = prod - cons;
 	else
-		to_read = XENSTORE_RING_SIZE - MASK_XENSTORE_IDX(cons);
+		to_read = XENSTORE_RING_SIZE - cons;
 	if (to_read < len)
 		len = to_read;
-	memcpy(buffer, intf->req + MASK_XENSTORE_IDX(cons), len);
+	memcpy(buffer, intf->req + cons, len);
 	xen_mb();
 	intf->req_cons += len;
 	return len;
@@ -66,8 +68,8 @@ static int xs_ring_write(struct mmap_interface *interface,
 	XENSTORE_RING_IDX cons, prod;
 	int can_write;
 
-	cons = intf->rsp_cons;
-	prod = intf->rsp_prod;
+	cons = *(volatile uint32*)&intf->rsp_cons;
+	prod = *(volatile uint32*)&intf->rsp_prod;
 	xen_mb();
 	if ( (prod - cons) >= XENSTORE_RING_SIZE )
 		return 0;