Gentoo Archives: gentoo-commits

From: "Ian Delaney (idella4)" <idella4@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] gentoo-x86 commit in app-emulation/xen-pvgrub/files: xen-4-CVE-2012-4544-XSA-25.patch xen-4.2.0-jserver.patch xen-4-CVE-2012-6075-XSA-41.patch xen-4-fix_dotconfig-gcc.patch xen-4.2.0-externals.patch
Date: Wed, 30 Jan 2013 14:12:33
Message-Id: 20130130141230.6F15F2171D@flycatcher.gentoo.org
1 idella4 13/01/30 14:12:30
2
3 Modified: xen-4-fix_dotconfig-gcc.patch
4 xen-4.2.0-externals.patch
5 Added: xen-4-CVE-2012-4544-XSA-25.patch
6 xen-4.2.0-jserver.patch
7 xen-4-CVE-2012-6075-XSA-41.patch
8 Log:
9 revbump; -4.2.0-r1, python eclass added to enable & ensure a py2 build wrt Bug 53930, xen-4-fix_dotconfig-gcc.patch, xen-4.2.0-externals.patch upgraded 1 sec. patch added, -4.2.1-r1 mirrors changes of -4.2.0-r1, -j1 workaround fixed in -jserver.patch also in -4.2.0.
10
11 (Portage version: 2.1.11.40/cvs/Linux x86_64, signed Manifest commit with key 0xB8072B0D)
12
13 Revision Changes Path
14 1.2 app-emulation/xen-pvgrub/files/xen-4-fix_dotconfig-gcc.patch
15
16 file : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/app-emulation/xen-pvgrub/files/xen-4-fix_dotconfig-gcc.patch?rev=1.2&view=markup
17 plain: http://sources.gentoo.org/viewvc.cgi/gentoo-x86/app-emulation/xen-pvgrub/files/xen-4-fix_dotconfig-gcc.patch?rev=1.2&content-type=text/plain
18 diff : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/app-emulation/xen-pvgrub/files/xen-4-fix_dotconfig-gcc.patch?r1=1.1&r2=1.2
19
20 Index: xen-4-fix_dotconfig-gcc.patch
21 ===================================================================
22 RCS file: /var/cvsroot/gentoo-x86/app-emulation/xen-pvgrub/files/xen-4-fix_dotconfig-gcc.patch,v
23 retrieving revision 1.1
24 retrieving revision 1.2
25 diff -u -r1.1 -r1.2
26 --- xen-4-fix_dotconfig-gcc.patch 4 Dec 2012 16:31:20 -0000 1.1
27 +++ xen-4-fix_dotconfig-gcc.patch 30 Jan 2013 14:12:30 -0000 1.2
28 @@ -7,7 +7,7 @@
29 # Define some default flags.
30 # NB. '-Wcast-qual' is nasty, so I omitted it.
31 -DEF_CFLAGS += -fno-builtin -Wall -Werror -Wredundant-decls -Wno-format -Wno-redundant-decls
32 -+DEF_CFLAGS += -fno-builtin -Wall -Wredundant-decls -Wno-format -Wno-redundant-decls
33 ++DEF_CFLAGS += -fno-builtin -Wall -Wredundant-decls -Wno-format -Wno-redundant-decls
34 DEF_CFLAGS += $(call cc-option,$(CC),-fno-stack-protector,)
35 DEF_CFLAGS += $(call cc-option,$(CC),-fgnu89-inline)
36 DEF_CFLAGS += -Wstrict-prototypes -Wnested-externs -Wpointer-arith -Winline
37 @@ -19,7 +19,7 @@
38 -include $(XEN_TARGET_ARCH)/Makefile
39
40 -CFLAGS += -Werror -Wmissing-prototypes
41 -+CFLAGS += -Wmissing-prototypes
42 ++CFLAGS += -Wmissing-prototypes
43 CFLAGS += -I. $(CFLAGS_xeninclude)
44
45 # Needed for posix_fadvise64() in xc_linux.c
46 @@ -27,7 +27,7 @@
47 diff -ur xen-4.2.0.orig/Config.mk xen-4.2.0/Config.mk
48 --- Config.mk 2012-09-17 18:23:12.000000000 +0800
49 +++ Config.mk 2012-12-05 14:01:10.641260261 +0800
50 -@@ -7,7 +7,6 @@
51 +@@ -7,7 +7,6 @@ Drop .config
52 # fallback for older make
53 realpath = $(wildcard $(foreach file,$(1),$(shell cd -P $(dir $(file)) && echo "$$PWD/$(notdir $(file))")))
54
55 @@ -35,3 +35,211 @@
56
57 # A debug build of Xen and tools?
58 debug ?= n
59 +@@ -24,7 +24,7 @@
60 +
61 + # Tools to run on system hosting the build
62 + HOSTCC = gcc
63 +-HOSTCFLAGS = -Wall -Werror -Wstrict-prototypes -O2 -fomit-frame-pointer
64 ++HOSTCFLAGS = -Wstrict-prototypes -O2 -fomit-frame-pointer
65 + HOSTCFLAGS += -fno-strict-aliasing
66 +
67 + DISTDIR ?= $(XEN_ROOT)/dist
68 +@@ -156,7 +156,7 @@
69 +
70 + CFLAGS += -std=gnu99
71 +
72 +-CFLAGS += -Wall -Wstrict-prototypes
73 ++CFLAGS += -Wstrict-prototypes
74 +
75 + # Clang complains about macros that expand to 'if ( ( foo == bar ) ) ...'
76 + # and is over-zealous with the printf format lint
77 +diff -ur xen-4.2.1.orig/tools/blktap2/drivers/Makefile xen-4.2.1/tools/blktap2/drivers/Makefile
78 +--- tools/blktap2/drivers/Makefile 2012-12-17 23:00:11.000000000 +0800
79 ++++ tools/blktap2/drivers/Makefile 2013-01-30 12:31:43.539941099 +0800
80 +@@ -9,7 +9,7 @@
81 + LOCK_UTIL = lock-util
82 + INST_DIR = $(SBINDIR)
83 +
84 +-CFLAGS += -Werror -g
85 ++CFLAGS += -g
86 + CFLAGS += -Wno-unused
87 + CFLAGS += -fno-strict-aliasing
88 + CFLAGS += -I$(BLKTAP_ROOT)/include -I$(BLKTAP_ROOT)/drivers
89 +diff -ur xen-4.2.1.orig/tools/debugger/gdbsx/Rules.mk xen-4.2.1/tools/debugger/gdbsx/Rules.mk
90 +--- tools/debugger/gdbsx/Rules.mk 2012-12-17 23:00:22.000000000 +0800
91 ++++ tools/debugger/gdbsx/Rules.mk 2013-01-30 12:31:43.516941098 +0800
92 +@@ -1,4 +1,4 @@
93 + include $(XEN_ROOT)/tools/Rules.mk
94 +
95 +-CFLAGS += -Werror -Wmissing-prototypes
96 ++CFLAGS += -Wmissing-prototypes
97 + # (gcc 4.3x and later) -Wconversion -Wno-sign-conversion
98 +diff -ur xen-4.2.1.orig/tools/debugger/xenitp/Makefile xen-4.2.1/tools/debugger/xenitp/Makefile
99 +--- tools/debugger/xenitp/Makefile 2012-12-17 23:00:22.000000000 +0800
100 ++++ tools/debugger/xenitp/Makefile 2013-01-30 12:31:43.516941098 +0800
101 +@@ -1,7 +1,7 @@
102 + XEN_ROOT=$(CURDIR)/../../..
103 + include $(XEN_ROOT)/tools/Rules.mk
104 +
105 +-#CFLAGS += -Werror -g -O0
106 ++#CFLAGS += -g -O0
107 +
108 + CFLAGS += $(CFLAGS_libxenctrl)
109 +
110 +diff -ur xen-4.2.1.orig/tools/libaio/harness/Makefile xen-4.2.1/tools/libaio/harness/Makefile
111 +--- tools/libaio/harness/Makefile 2012-12-17 23:00:35.000000000 +0800
112 ++++ tools/libaio/harness/Makefile 2013-01-30 12:31:43.541941099 +0800
113 +@@ -4,7 +4,7 @@
114 + HARNESS_SRCS:=main.c
115 + # io_queue.c
116 +
117 +-CFLAGS=-Wall -Werror -g -O -laio
118 ++CFLAGS=-Wall -g -O -laio
119 + #-lpthread -lrt
120 +
121 + all: $(PROGS)
122 +diff -ur xen-4.2.1.orig/tools/libfsimage/Rules.mk xen-4.2.1/tools/libfsimage/Rules.mk
123 +--- tools/libfsimage/Rules.mk 2012-12-17 23:00:36.000000000 +0800
124 ++++ tools/libfsimage/Rules.mk 2013-01-30 12:31:43.515941097 +0800
125 +@@ -1,7 +1,7 @@
126 + include $(XEN_ROOT)/tools/Rules.mk
127 +
128 + CFLAGS += -Wno-unknown-pragmas -I$(XEN_ROOT)/tools/libfsimage/common/ -DFSIMAGE_FSDIR=\"$(FSDIR)\"
129 +-CFLAGS += -Werror -D_GNU_SOURCE
130 ++CFLAGS += -D_GNU_SOURCE
131 + LDFLAGS += -L../common/
132 +
133 + PIC_OBJS := $(patsubst %.c,%.opic,$(LIB_SRCS-y))
134 +diff -ur xen-4.2.1.orig/tools/libxl/Makefile xen-4.2.1/tools/libxl/Makefile
135 +--- tools/libxl/Makefile 2012-12-17 23:01:08.000000000 +0800
136 ++++ tools/libxl/Makefile 2013-01-30 12:31:43.541941099 +0800
137 +@@ -11,7 +11,7 @@
138 + XLUMAJOR = 1.0
139 + XLUMINOR = 1
140 +
141 +-CFLAGS += -Werror -Wno-format-zero-length -Wmissing-declarations \
142 ++CFLAGS += -Wno-format-zero-length -Wmissing-declarations \
143 + -Wno-declaration-after-statement -Wformat-nonliteral
144 + CFLAGS += -I. -fPIC
145 +
146 +diff -ur xen-4.2.1.orig/tools/qemu-xen/pc-bios/optionrom/Makefile xen-4.2.1/tools/qemu-xen/pc-bios/optionrom/Makefile
147 +--- tools/qemu-xen/pc-bios/optionrom/Makefile 2012-09-11 02:10:52.000000000 +0800
148 ++++ tools/qemu-xen/pc-bios/optionrom/Makefile 2013-01-30 12:31:43.528941098 +0800
149 +@@ -9,7 +9,7 @@
150 +
151 + .PHONY : all clean build-all
152 +
153 +-CFLAGS := -Wall -Wstrict-prototypes -Werror -fomit-frame-pointer -fno-builtin
154 ++CFLAGS := -Wall -Wstrict-prototypes -fomit-frame-pointer -fno-builtin
155 + CFLAGS += -I$(SRC_PATH)
156 + CFLAGS += $(call cc-option, $(CFLAGS), -fno-stack-protector)
157 + QEMU_CFLAGS = $(CFLAGS)
158 +diff -ur xen-4.2.1.orig/tools/vtpm/Rules.mk xen-4.2.1/tools/vtpm/Rules.mk
159 +--- tools/vtpm/Rules.mk 2012-12-17 23:01:35.000000000 +0800
160 ++++ tools/vtpm/Rules.mk 2013-01-30 12:31:43.515941097 +0800
161 +@@ -6,7 +6,7 @@
162 + #
163 +
164 + # General compiler flags
165 +-CFLAGS = -Werror -g3
166 ++CFLAGS = -g3
167 +
168 + # Generic project files
169 + HDRS = $(wildcard *.h)
170 +diff -ur xen-4.2.1.orig/tools/vtpm_manager/Rules.mk xen-4.2.1/tools/vtpm_manager/Rules.mk
171 +--- tools/vtpm_manager/Rules.mk 2012-12-17 23:01:35.000000000 +0800
172 ++++ tools/vtpm_manager/Rules.mk 2013-01-30 12:31:43.511941097 +0800
173 +@@ -6,7 +6,7 @@
174 + #
175 +
176 + # General compiler flags
177 +-CFLAGS = -Werror -g3
178 ++CFLAGS = -g3
179 +
180 + # Generic project files
181 + HDRS = $(wildcard *.h)
182 +diff -ur xen-4.2.1.orig/tools/xenstat/xentop/Makefile xen-4.2.1/tools/xenstat/xentop/Makefile
183 +--- tools/xenstat/xentop/Makefile 2012-12-17 23:01:35.000000000 +0800
184 ++++ tools/xenstat/xentop/Makefile 2013-01-30 12:31:43.535941098 +0800
185 +@@ -18,7 +18,7 @@
186 + all install xentop:
187 + else
188 +
189 +-CFLAGS += -DGCC_PRINTF -Wall -Werror $(CFLAGS_libxenstat)
190 ++CFLAGS += -DGCC_PRINTF -Wall $(CFLAGS_libxenstat)
191 + LDLIBS += $(LDLIBS_libxenstat) $(CURSES_LIBS) $(SOCKET_LIBS)
192 + CFLAGS += -DHOST_$(XEN_OS)
193 +
194 +diff -ur xen-4.2.1.orig/xen/arch/arm/Rules.mk xen-4.2.1/xen/arch/arm/Rules.mk
195 +--- xen/arch/arm/Rules.mk 2012-12-17 23:01:37.000000000 +0800
196 ++++ xen/arch/arm/Rules.mk 2013-01-30 12:31:43.498941097 +0800
197 +@@ -9,7 +9,7 @@
198 + HAS_DEVICE_TREE := y
199 +
200 + CFLAGS += -fno-builtin -fno-common -Wredundant-decls
201 +-CFLAGS += -iwithprefix include -Werror -Wno-pointer-arith -pipe
202 ++CFLAGS += -iwithprefix include -Wno-pointer-arith -pipe
203 + CFLAGS += -I$(BASEDIR)/include
204 +
205 + # Prevent floating-point variables from creeping into Xen.
206 +diff -ur xen-4.2.1.orig/xen/arch/x86/Rules.mk xen-4.2.1/xen/arch/x86/Rules.mk
207 +--- xen/arch/x86/Rules.mk 2012-12-17 23:01:37.000000000 +0800
208 ++++ xen/arch/x86/Rules.mk 2013-01-30 12:31:43.490941096 +0800
209 +@@ -24,7 +24,7 @@
210 + endif
211 +
212 + CFLAGS += -fno-builtin -fno-common -Wredundant-decls
213 +-CFLAGS += -iwithprefix include -Werror -Wno-pointer-arith -pipe
214 ++CFLAGS += -iwithprefix include -Wno-pointer-arith -pipe
215 + CFLAGS += -I$(BASEDIR)/include
216 + CFLAGS += -I$(BASEDIR)/include/asm-x86/mach-generic
217 + CFLAGS += -I$(BASEDIR)/include/asm-x86/mach-default
218 +diff -ur xen-4.2.1.orig/xen/include/Makefile xen-4.2.1/xen/include/Makefile
219 +--- xen/include/Makefile 2012-12-17 23:01:55.000000000 +0800
220 ++++ xen/include/Makefile 2013-01-30 12:31:43.502941097 +0800
221 +@@ -78,7 +78,7 @@
222 + all: headers.chk
223 +
224 + headers.chk: $(filter-out public/arch-% public/%ctl.h public/xsm/% public/%hvm/save.h, $(wildcard public/*.h public/*/*.h) $(public-y)) Makefile
225 +- for i in $(filter %.h,$^); do $(CC) -ansi -include stdint.h -Wall -W -Werror -S -o /dev/null -xc $$i || exit 1; echo $$i; done >$@.new
226 ++ for i in $(filter %.h,$^); do $(CC) -ansi -include stdint.h -Wall -W -S -o /dev/null -xc $$i || exit 1; echo $$i; done >$@.new
227 + mv $@.new $@
228 +
229 + endif
230 +diff -ur xen-4.2.1.orig/tools/tests/mce-test/tools/Makefile xen-4.2.1/tools/tests/mce-test/tools/Makefile
231 +--- tools/tests/mce-test/tools/Makefile 2012-12-17 23:01:35.000000000 +0800
232 ++++ tools/tests/mce-test/tools/Makefile 2013-01-30 13:01:44.890020152 +0800
233 +@@ -1,7 +1,7 @@
234 + XEN_ROOT=$(CURDIR)/../../../..
235 + include $(XEN_ROOT)/tools/Rules.mk
236 +
237 +-CFLAGS += -Werror
238 ++CFLAGS +=
239 + CFLAGS += $(CFLAGS_libxenctrl)
240 + CFLAGS += $(CFLAGS_libxenguest)
241 + CFLAGS += $(CFLAGS_libxenstore)
242 +diff -ur xen-4.2.1.orig/tools/tests/mem-sharing/Makefile xen-4.2.1/tools/tests/mem-sharing/Makefile
243 +--- tools/tests/mem-sharing/Makefile 2012-12-17 23:01:35.000000000 +0800
244 ++++ tools/tests/mem-sharing/Makefile 2013-01-30 13:01:44.890020152 +0800
245 +@@ -1,7 +1,7 @@
246 + XEN_ROOT=$(CURDIR)/../../..
247 + include $(XEN_ROOT)/tools/Rules.mk
248 +
249 +-CFLAGS += -Werror
250 ++CFLAGS +=
251 +
252 + CFLAGS += $(CFLAGS_libxenctrl)
253 + CFLAGS += $(CFLAGS_xeninclude)
254 +diff -ur xen-4.2.1.orig/tools/tests/xen-access/Makefile xen-4.2.1/tools/tests/xen-access/Makefile
255 +--- tools/tests/xen-access/Makefile 2012-12-17 23:01:35.000000000 +0800
256 ++++ tools/tests/xen-access/Makefile 2013-01-30 13:01:44.891020152 +0800
257 +@@ -1,7 +1,7 @@
258 + XEN_ROOT=$(CURDIR)/../../..
259 + include $(XEN_ROOT)/tools/Rules.mk
260 +
261 +-CFLAGS += -Werror
262 ++CFLAGS +=
263 +
264 + CFLAGS += $(CFLAGS_libxenctrl)
265 + CFLAGS += $(CFLAGS_libxenguest)
266 +
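Review bot: The Config.mk hunks drop `-Wall` together with `-Werror` (`HOSTCFLAGS = -Wstrict-prototypes -O2 -fomit-frame-pointer` and `CFLAGS += -Wstrict-prototypes`), which goes further than needed to stop warnings from failing the build: the compiler no longer reports them at all. The same commit adds security patches to this toolstack, so diagnostics such as uninitialized-use and format warnings are worth keeping in the build log; I would keep `-Wall` on both lines and remove only `-Werror`. The `headers.chk` rule in xen/include/Makefile also loses `-Werror`, so a public header that triggers a warning now passes that check; if that is intended, the patch header should say so. The three tools/tests Makefiles are left with an empty `CFLAGS +=` line, which is harmless but would read better deleted outright.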
267
268
269
270 1.3 app-emulation/xen-pvgrub/files/xen-4.2.0-externals.patch
271
272 file : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/app-emulation/xen-pvgrub/files/xen-4.2.0-externals.patch?rev=1.3&view=markup
273 plain: http://sources.gentoo.org/viewvc.cgi/gentoo-x86/app-emulation/xen-pvgrub/files/xen-4.2.0-externals.patch?rev=1.3&content-type=text/plain
274 diff : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/app-emulation/xen-pvgrub/files/xen-4.2.0-externals.patch?r1=1.2&r2=1.3
275
276 Index: xen-4.2.0-externals.patch
277 ===================================================================
278 RCS file: /var/cvsroot/gentoo-x86/app-emulation/xen-pvgrub/files/xen-4.2.0-externals.patch,v
279 retrieving revision 1.2
280 retrieving revision 1.3
281 diff -u -r1.2 -r1.3
282 --- xen-4.2.0-externals.patch 28 Jan 2013 05:29:05 -0000 1.2
283 +++ xen-4.2.0-externals.patch 30 Jan 2013 14:12:30 -0000 1.3
284 @@ -1,5 +1,46 @@
285 # Patch Makefile to patch insource newlib,
286 # Prevent internal downloading of external packages
287 +diff -ur xen-4.2.0.orig/stubdom/Makefile xen-4.2.0/stubdom/Makefile
288 +--- stubdom/Makefile 2012-09-17 18:21:17.000000000 +0800
289 ++++ stubdom/Makefile 2012-12-05 14:01:10.694260256 +0800
290 +@@ -8,30 +8,30 @@
291 + include $(XEN_ROOT)/Config.mk
292 +
293 + #ZLIB_URL?=http://www.zlib.net
294 +-ZLIB_URL=$(XEN_EXTFILES_URL)
295 ++ZLIB_URL=/mnt/gen2/TmpDir/portage/app-emulation/xen-pvgrub-4.2.0/distdir
296 + ZLIB_VERSION=1.2.3
297 +
298 + #LIBPCI_URL?=http://www.kernel.org/pub/software/utils/pciutils
299 +-LIBPCI_URL?=$(XEN_EXTFILES_URL)
300 ++LIBPCI_URL?=/mnt/gen2/TmpDir/portage/app-emulation/xen-pvgrub-4.2.0/distdir
301 + LIBPCI_VERSION=2.2.9
302 +
303 + #NEWLIB_URL?=ftp://sources.redhat.com/pub/newlib
304 +-NEWLIB_URL?=$(XEN_EXTFILES_URL)
305 ++NEWLIB_URL?=/mnt/gen2/TmpDir/portage/app-emulation/xen-pvgrub-4.2.0/distdir
306 + NEWLIB_VERSION=1.16.0
307 +
308 + #LWIP_URL?=http://download.savannah.gnu.org/releases/lwip
309 +-LWIP_URL?=$(XEN_EXTFILES_URL)
310 ++LWIP_URL?=/mnt/gen2/TmpDir/portage/app-emulation/xen-pvgrub-4.2.0/distdir
311 + LWIP_VERSION=1.3.0
312 +
313 + #GRUB_URL?=http://alpha.gnu.org/gnu/grub
314 +-GRUB_URL?=$(XEN_EXTFILES_URL)
315 ++GRUB_URL?=/mnt/gen2/TmpDir/portage/app-emulation/xen-pvgrub-4.2.0/distdir
316 + GRUB_VERSION=0.97
317 +
318 +-#OCAML_URL?=$(XEN_EXTFILES_URL)
319 ++#OCAML_URL?=/mnt/gen2/TmpDir/portage/app-emulation/xen-pvgrub-4.2.0/distdir
320 + OCAML_URL?=http://caml.inria.fr/pub/distrib/ocaml-3.11
321 + OCAML_VERSION=3.11.0
322 +
323 +-WGET=wget -c
324 ++WGET=cp -t .
325 +
326 + GNU_TARGET_ARCH:=$(XEN_TARGET_ARCH)
327 + ifeq ($(XEN_TARGET_ARCH),x86_32)
328 @@ -95,12 +95,13 @@
329 ##############
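Review bot: The stubdom/Makefile hunk hard-codes `/mnt/gen2/TmpDir/portage/app-emulation/xen-pvgrub-4.2.0/distdir` as ZLIB_URL, LIBPCI_URL, NEWLIB_URL, LWIP_URL and GRUB_URL, which looks like the Portage temp directory of the machine the patch was generated on. Unless the ebuild rewrites that path before applying the patch (not visible here), `WGET=cp -t .` will either fail or copy tarballs from a directory outside Portage's control on any other host. The version in the path also does not match the -4.2.1 ebuild that the log says mirrors these changes. A token the ebuild substitutes with `${DISTDIR}` would keep the sources tied to the Manifest-verified distfiles, e.g. `ZLIB_URL=@DISTDIR@` (a constructed placeholder) replaced by a `sed` in `src_prepare`. The second hunk of this section is cut short on the page, so this covers the first hunk only.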
330
331
332
333
334 1.1 app-emulation/xen-pvgrub/files/xen-4-CVE-2012-4544-XSA-25.patch
335
336 file : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/app-emulation/xen-pvgrub/files/xen-4-CVE-2012-4544-XSA-25.patch?rev=1.1&view=markup
337 plain: http://sources.gentoo.org/viewvc.cgi/gentoo-x86/app-emulation/xen-pvgrub/files/xen-4-CVE-2012-4544-XSA-25.patch?rev=1.1&content-type=text/plain
338
339 Index: xen-4-CVE-2012-4544-XSA-25.patch
340 ===================================================================
341
342 # HG changeset patch
343 # User Ian Jackson <Ian.Jackson@×××××××××.com>
344 # Date 1351264255 -3600
345 # Node ID 537776f51f79c5789d06f97b363596a197c3e71c
346 # Parent 40ccbee890e1fc053de3046bbc3d13b8ff6f5d63
347 libxc: builder: limit maximum size of kernel/ramdisk.
348
349 Allowing user supplied kernels of arbitrary sizes, especially during
350 decompression, can swallow up dom0 memory leading to either virtual
351 address space exhaustion in the builder process or allocation
352 failures/OOM killing of both toolstack and unrelated processes.
353
354 We disable these checks when building in a stub domain for pvgrub
355 since this uses the guest's own memory and is isolated.
356
357 Decompression of gzip compressed kernels and ramdisks has been safe
358 since 14954:58205257517d (Xen 3.1.0 onwards).
359
360 This is XSA-25 / CVE-2012-4544.
361
362 Also make explicit checks for buffer overflows in various
363 decompression routines. These were already ruled out due to other
364 properties of the code but check them as a belt-and-braces measure.
365
366 Signed-off-by: Ian Campbell <ian.campbell@××××××.com>
367 Acked-by: Ian Jackson <ian.jackson@×××××××××.com>
368
369 diff -r 40ccbee890e1 -r 537776f51f79 stubdom/grub/kexec.c
370 --- stubdom/grub/kexec.c Thu Oct 25 15:36:32 2012 +0200
371 +++ stubdom/grub/kexec.c Fri Oct 26 16:10:55 2012 +0100
372 @@ -137,6 +137,10 @@ void kexec(void *kernel, long kernel_siz
373 dom = xc_dom_allocate(xc_handle, cmdline, features);
374 dom->allocate = kexec_allocate;
375
376 + /* We are using guest owned memory, therefore no limits. */
377 + xc_dom_kernel_max_size(dom, 0);
378 + xc_dom_ramdisk_max_size(dom, 0);
379 +
380 dom->kernel_blob = kernel;
381 dom->kernel_size = kernel_size;
382
383 diff -r 40ccbee890e1 -r 537776f51f79 tools/libxc/xc_dom.h
384 --- tools/libxc/xc_dom.h Thu Oct 25 15:36:32 2012 +0200
385 +++ tools/libxc/xc_dom.h Fri Oct 26 16:10:55 2012 +0100
386 @@ -55,6 +55,9 @@ struct xc_dom_image {
387 void *ramdisk_blob;
388 size_t ramdisk_size;
389
390 + size_t max_kernel_size;
391 + size_t max_ramdisk_size;
392 +
393 /* arguments and parameters */
394 char *cmdline;
395 uint32_t f_requested[XENFEAT_NR_SUBMAPS];
396 @@ -180,6 +183,23 @@ void xc_dom_release_phys(struct xc_dom_i
397 void xc_dom_release(struct xc_dom_image *dom);
398 int xc_dom_mem_init(struct xc_dom_image *dom, unsigned int mem_mb);
399
400 +/* Set this larger if you have enormous ramdisks/kernels. Note that
401 + * you should trust all kernels not to be maliciously large (e.g. to
402 + * exhaust all dom0 memory) if you do this (see CVE-2012-4544 /
403 + * XSA-25). You can also set the default independently for
404 + * ramdisks/kernels in xc_dom_allocate() or call
405 + * xc_dom_{kernel,ramdisk}_max_size.
406 + */
407 +#ifndef XC_DOM_DECOMPRESS_MAX
408 +#define XC_DOM_DECOMPRESS_MAX (1024*1024*1024) /* 1GB */
409 +#endif
410 +
411 +int xc_dom_kernel_check_size(struct xc_dom_image *dom, size_t sz);
412 +int xc_dom_kernel_max_size(struct xc_dom_image *dom, size_t sz);
413 +
414 +int xc_dom_ramdisk_check_size(struct xc_dom_image *dom, size_t sz);
415 +int xc_dom_ramdisk_max_size(struct xc_dom_image *dom, size_t sz);
416 +
417 size_t xc_dom_check_gzip(xc_interface *xch,
418 void *blob, size_t ziplen);
419 int xc_dom_do_gunzip(xc_interface *xch,
420 @@ -240,7 +260,8 @@ void xc_dom_log_memory_footprint(struct
421 void *xc_dom_malloc(struct xc_dom_image *dom, size_t size);
422 void *xc_dom_malloc_page_aligned(struct xc_dom_image *dom, size_t size);
423 void *xc_dom_malloc_filemap(struct xc_dom_image *dom,
424 - const char *filename, size_t * size);
425 + const char *filename, size_t * size,
426 + const size_t max_size);
427 char *xc_dom_strdup(struct xc_dom_image *dom, const char *str);
428
429 /* --- alloc memory pool ------------------------------------------- */
430 diff -r 40ccbee890e1 -r 537776f51f79 tools/libxc/xc_dom_bzimageloader.c
431 --- tools/libxc/xc_dom_bzimageloader.c Thu Oct 25 15:36:32 2012 +0200
432 +++ tools/libxc/xc_dom_bzimageloader.c Fri Oct 26 16:10:55 2012 +0100
433 @@ -47,13 +47,19 @@ static int xc_try_bzip2_decode(
434 char *out_buf;
435 char *tmp_buf;
436 int retval = -1;
437 - int outsize;
438 + unsigned int outsize;
439 uint64_t total;
440
441 stream.bzalloc = NULL;
442 stream.bzfree = NULL;
443 stream.opaque = NULL;
444
445 + if ( dom->kernel_size == 0)
446 + {
447 + DOMPRINTF("BZIP2: Input is 0 size");
448 + return -1;
449 + }
450 +
451 ret = BZ2_bzDecompressInit(&stream, 0, 0);
452 if ( ret != BZ_OK )
453 {
454 @@ -66,6 +72,17 @@ static int xc_try_bzip2_decode(
455 * the input buffer to start, and we'll realloc as needed.
456 */
457 outsize = dom->kernel_size;
458 +
459 + /*
460 + * stream.avail_in and outsize are unsigned int, while kernel_size
461 + * is a size_t. Check we aren't overflowing.
462 + */
463 + if ( outsize != dom->kernel_size )
464 + {
465 + DOMPRINTF("BZIP2: Input too large");
466 + goto bzip2_cleanup;
467 + }
468 +
469 out_buf = malloc(outsize);
470 if ( out_buf == NULL )
471 {
472 @@ -98,13 +115,20 @@ static int xc_try_bzip2_decode(
473 if ( stream.avail_out == 0 )
474 {
475 /* Protect against output buffer overflow */
476 - if ( outsize > INT_MAX / 2 )
477 + if ( outsize > UINT_MAX / 2 )
478 {
479 DOMPRINTF("BZIP2: output buffer overflow");
480 free(out_buf);
481 goto bzip2_cleanup;
482 }
483
484 + if ( xc_dom_kernel_check_size(dom, outsize * 2) )
485 + {
486 + DOMPRINTF("BZIP2: output too large");
487 + free(out_buf);
488 + goto bzip2_cleanup;
489 + }
490 +
491 tmp_buf = realloc(out_buf, outsize * 2);
492 if ( tmp_buf == NULL )
493 {
494 @@ -172,9 +196,15 @@ static int _xc_try_lzma_decode(
495 unsigned char *out_buf;
496 unsigned char *tmp_buf;
497 int retval = -1;
498 - int outsize;
499 + size_t outsize;
500 const char *msg;
501
502 + if ( dom->kernel_size == 0)
503 + {
504 + DOMPRINTF("%s: Input is 0 size", what);
505 + return -1;
506 + }
507 +
508 /* sigh. We don't know up-front how much memory we are going to need
509 * for the output buffer. Allocate the output buffer to be equal
510 * the input buffer to start, and we'll realloc as needed.
511 @@ -244,13 +274,20 @@ static int _xc_try_lzma_decode(
512 if ( stream->avail_out == 0 )
513 {
514 /* Protect against output buffer overflow */
515 - if ( outsize > INT_MAX / 2 )
516 + if ( outsize > SIZE_MAX / 2 )
517 {
518 DOMPRINTF("%s: output buffer overflow", what);
519 free(out_buf);
520 goto lzma_cleanup;
521 }
522
523 + if ( xc_dom_kernel_check_size(dom, outsize * 2) )
524 + {
525 + DOMPRINTF("%s: output too large", what);
526 + free(out_buf);
527 + goto lzma_cleanup;
528 + }
529 +
530 tmp_buf = realloc(out_buf, outsize * 2);
531 if ( tmp_buf == NULL )
532 {
533 @@ -359,6 +396,12 @@ static int xc_try_lzo1x_decode(
534 0x89, 0x4c, 0x5a, 0x4f, 0x00, 0x0d, 0x0a, 0x1a, 0x0a
535 };
536
537 + /*
538 + * lzo_uint should match size_t. Check that this is the case to be
539 + * sure we won't overflow various lzo_uint fields.
540 + */
541 + XC_BUILD_BUG_ON(sizeof(lzo_uint) != sizeof(size_t));
542 +
543 ret = lzo_init();
544 if ( ret != LZO_E_OK )
545 {
546 @@ -438,6 +481,14 @@ static int xc_try_lzo1x_decode(
547 if ( src_len <= 0 || src_len > dst_len || src_len > left )
548 break;
549
550 + msg = "Output buffer overflow";
551 + if ( *size > SIZE_MAX - dst_len )
552 + break;
553 +
554 + msg = "Decompressed image too large";
555 + if ( xc_dom_kernel_check_size(dom, *size + dst_len) )
556 + break;
557 +
558 msg = "Failed to (re)alloc memory";
559 tmp_buf = realloc(out_buf, *size + dst_len);
560 if ( tmp_buf == NULL )
561 diff -r 40ccbee890e1 -r 537776f51f79 tools/libxc/xc_dom_core.c
562 --- tools/libxc/xc_dom_core.c Thu Oct 25 15:36:32 2012 +0200
563 +++ tools/libxc/xc_dom_core.c Fri Oct 26 16:10:55 2012 +0100
564 @@ -159,7 +159,8 @@ void *xc_dom_malloc_page_aligned(struct
565 }
566
567 void *xc_dom_malloc_filemap(struct xc_dom_image *dom,
568 - const char *filename, size_t * size)
569 + const char *filename, size_t * size,
570 + const size_t max_size)
571 {
572 struct xc_dom_mem *block = NULL;
573 int fd = -1;
574 @@ -171,6 +172,13 @@ void *xc_dom_malloc_filemap(struct xc_do
575 lseek(fd, 0, SEEK_SET);
576 *size = lseek(fd, 0, SEEK_END);
577
578 + if ( max_size && *size > max_size )
579 + {
580 + xc_dom_panic(dom->xch, XC_OUT_OF_MEMORY,
581 + "tried to map file which is too large");
582 + goto err;
583 + }
584 +
585 block = malloc(sizeof(*block));
586 if ( block == NULL )
587 goto err;
588 @@ -222,6 +230,40 @@ char *xc_dom_strdup(struct xc_dom_image
589 }
590
591 /* ------------------------------------------------------------------------ */
592 +/* decompression buffer sizing */
593 +int xc_dom_kernel_check_size(struct xc_dom_image *dom, size_t sz)
594 +{
595 + /* No limit */
596 + if ( !dom->max_kernel_size )
597 + return 0;
598 +
599 + if ( sz > dom->max_kernel_size )
600 + {
601 + xc_dom_panic(dom->xch, XC_INVALID_KERNEL,
602 + "kernel image too large");
603 + return 1;
604 + }
605 +
606 + return 0;
607 +}
608 +
609 +int xc_dom_ramdisk_check_size(struct xc_dom_image *dom, size_t sz)
610 +{
611 + /* No limit */
612 + if ( !dom->max_ramdisk_size )
613 + return 0;
614 +
615 + if ( sz > dom->max_ramdisk_size )
616 + {
617 + xc_dom_panic(dom->xch, XC_INVALID_KERNEL,
618 + "ramdisk image too large");
619 + return 1;
620 + }
621 +
622 + return 0;
623 +}
624 +
625 +/* ------------------------------------------------------------------------ */
626 /* read files, copy memory blocks, with transparent gunzip */
627
628 size_t xc_dom_check_gzip(xc_interface *xch, void *blob, size_t ziplen)
629 @@ -235,7 +277,7 @@ size_t xc_dom_check_gzip(xc_interface *x
630
631 gzlen = blob + ziplen - 4;
632 unziplen = gzlen[3] << 24 | gzlen[2] << 16 | gzlen[1] << 8 | gzlen[0];
633 - if ( (unziplen < 0) || (unziplen > (1024*1024*1024)) ) /* 1GB limit */
634 + if ( (unziplen < 0) || (unziplen > XC_DOM_DECOMPRESS_MAX) )
635 {
636 xc_dom_printf
637 (xch,
638 @@ -288,6 +330,9 @@ int xc_dom_try_gunzip(struct xc_dom_imag
639 if ( unziplen == 0 )
640 return 0;
641
642 + if ( xc_dom_kernel_check_size(dom, unziplen) )
643 + return 0;
644 +
645 unzip = xc_dom_malloc(dom, unziplen);
646 if ( unzip == NULL )
647 return -1;
648 @@ -588,6 +633,9 @@ struct xc_dom_image *xc_dom_allocate(xc_
649 memset(dom, 0, sizeof(*dom));
650 dom->xch = xch;
651
652 + dom->max_kernel_size = XC_DOM_DECOMPRESS_MAX;
653 + dom->max_ramdisk_size = XC_DOM_DECOMPRESS_MAX;
654 +
655 if ( cmdline )
656 dom->cmdline = xc_dom_strdup(dom, cmdline);
657 if ( features )
658 @@ -608,10 +656,25 @@ struct xc_dom_image *xc_dom_allocate(xc_
659 return NULL;
660 }
661
662 +int xc_dom_kernel_max_size(struct xc_dom_image *dom, size_t sz)
663 +{
664 + DOMPRINTF("%s: kernel_max_size=%zx", __FUNCTION__, sz);
665 + dom->max_kernel_size = sz;
666 + return 0;
667 +}
668 +
669 +int xc_dom_ramdisk_max_size(struct xc_dom_image *dom, size_t sz)
670 +{
671 + DOMPRINTF("%s: ramdisk_max_size=%zx", __FUNCTION__, sz);
672 + dom->max_ramdisk_size = sz;
673 + return 0;
674 +}
675 +
676 int xc_dom_kernel_file(struct xc_dom_image *dom, const char *filename)
677 {
678 DOMPRINTF("%s: filename=\"%s\"", __FUNCTION__, filename);
679 - dom->kernel_blob = xc_dom_malloc_filemap(dom, filename, &dom->kernel_size);
680 + dom->kernel_blob = xc_dom_malloc_filemap(dom, filename, &dom->kernel_size,
681 + dom->max_kernel_size);
682 if ( dom->kernel_blob == NULL )
683 return -1;
684 return xc_dom_try_gunzip(dom, &dom->kernel_blob, &dom->kernel_size);
685 @@ -621,7 +684,9 @@ int xc_dom_ramdisk_file(struct xc_dom_im
686 {
687 DOMPRINTF("%s: filename=\"%s\"", __FUNCTION__, filename);
688 dom->ramdisk_blob =
689 - xc_dom_malloc_filemap(dom, filename, &dom->ramdisk_size);
690 + xc_dom_malloc_filemap(dom, filename, &dom->ramdisk_size,
691 + dom->max_ramdisk_size);
692 +
693 if ( dom->ramdisk_blob == NULL )
694 return -1;
695 // return xc_dom_try_gunzip(dom, &dom->ramdisk_blob, &dom->ramdisk_size);
696 @@ -781,7 +846,11 @@ int xc_dom_build_image(struct xc_dom_ima
697 void *ramdiskmap;
698
699 unziplen = xc_dom_check_gzip(dom->xch, dom->ramdisk_blob, dom->ramdisk_size);
700 + if ( xc_dom_ramdisk_check_size(dom, unziplen) != 0 )
701 + unziplen = 0;
702 +
703 ramdisklen = unziplen ? unziplen : dom->ramdisk_size;
704 +
705 if ( xc_dom_alloc_segment(dom, &dom->ramdisk_seg, "ramdisk", 0,
706 ramdisklen) != 0 )
707 goto err;
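Review bot: In `xc_dom_try_gunzip` the new size check returns 0 when `xc_dom_kernel_check_size` rejects `unziplen`, the same value returned just above for `unziplen == 0`, so `xc_dom_kernel_file` reports success for an oversized gzip image even though `xc_dom_panic` has been raised. A caller that looks only at the return value then carries on with the still-compressed blob; if that fall-through is intended it deserves a comment, otherwise `return -1;` would match the allocation-failure path two lines below. The function also checks against `max_kernel_size` whatever blob it is given, which is fine while the ramdisk call in `xc_dom_ramdisk_file` stays commented out but is worth a note. Separately, the comment above `XC_DOM_DECOMPRESS_MAX` in xc_dom.h should say that passing 0 to `xc_dom_{kernel,ramdisk}_max_size` disables the check, since the kexec.c hunk relies on that and only the `/* No limit */` comments in xc_dom_core.c record it. The bodies of these functions extend beyond the hunks shown.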
708
709
710
711
712
713 1.1 app-emulation/xen-pvgrub/files/xen-4.2.0-jserver.patch
714
715 file : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/app-emulation/xen-pvgrub/files/xen-4.2.0-jserver.patch?rev=1.1&view=markup
716 plain: http://sources.gentoo.org/viewvc.cgi/gentoo-x86/app-emulation/xen-pvgrub/files/xen-4.2.0-jserver.patch?rev=1.1&content-type=text/plain
717
718 Index: xen-4.2.0-jserver.patch
719 ===================================================================
720 diff -ur xen-4.2.0.orig/tools/tests/x86_emulator/Makefile xen-4.2.0/tools/tests/x86_emulator/Makefile
721 --- tools/tests/x86_emulator/Makefile 2012-09-17 18:21:19.000000000 +0800
722 +++ tools/tests/x86_emulator/Makefile 2012-11-24 05:06:24.355778737 +0800
723 @@ -14,13 +14,13 @@
724 .PHONY: blowfish.h
725 blowfish.h:
726 rm -f blowfish.bin
727 - XEN_TARGET_ARCH=x86_32 make -f blowfish.mk all
728 + XEN_TARGET_ARCH=x86_32 $(MAKE) -f blowfish.mk all
729 (echo "static unsigned int blowfish32_code[] = {"; \
730 od -v -t x blowfish.bin | sed 's/^[0-9]* /0x/' | sed 's/ /, 0x/g' | sed 's/$$/,/';\
731 echo "};") >$@
732 rm -f blowfish.bin
733 ifeq ($(XEN_COMPILE_ARCH),x86_64)
734 - XEN_TARGET_ARCH=x86_64 make -f blowfish.mk all
735 + XEN_TARGET_ARCH=x86_64 $(MAKE) -f blowfish.mk all
736 (echo "static unsigned int blowfish64_code[] = {"; \
737 od -v -t x blowfish.bin | sed 's/^[0-9]* /0x/' | sed 's/ /, 0x/g' | sed 's/$$/,/';\
738 echo "};") >>$@
739
740
741
742
743 1.1 app-emulation/xen-pvgrub/files/xen-4-CVE-2012-6075-XSA-41.patch
744
745 file : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/app-emulation/xen-pvgrub/files/xen-4-CVE-2012-6075-XSA-41.patch?rev=1.1&view=markup
746 plain: http://sources.gentoo.org/viewvc.cgi/gentoo-x86/app-emulation/xen-pvgrub/files/xen-4-CVE-2012-6075-XSA-41.patch?rev=1.1&content-type=text/plain
747
748 Index: xen-4-CVE-2012-6075-XSA-41.patch
749 ===================================================================
750 authorMichael Contreras <michael@×××××××.com>
751 Mon, 3 Dec 2012 04:11:22 +0000 (20:11 -0800)
752 committerAnthony Liguori <aliguori@××××××.com>
753 Mon, 3 Dec 2012 14:14:10 +0000 (08:14 -0600)
754
755 The e1000_receive function for the e1000 needs to discard packets longer than
756 1522 bytes if the SBP and LPE flags are disabled. The linux driver assumes
757 this behavior and allocates memory based on this assumption.
758
759 Signed-off-by: Michael Contreras <michael@×××××××.com>
760 Signed-off-by: Anthony Liguori <aliguori@××××××.com>
761 hw/e1000.c
762
763 --- tools/qemu-xen/hw/e1000.c
764 +++ tools/qemu-xen/hw/e1000.c
765 @@ -59,6 +59,9 @@ static int debugflags = DBGBIT(TXERR) | DBGBIT(GENERAL);
766 #define PNPMMIO_SIZE 0x20000
767 #define MIN_BUF_SIZE 60 /* Min. octets in an ethernet frame sans FCS */
768
769 +/* this is the size past which hardware will drop packets when setting LPE=0 */
770 +#define MAXIMUM_ETHERNET_VLAN_SIZE 1522
771 +
772 /*
773 * HW models:
774 * E1000_DEV_ID_82540EM works with Windows and Linux
775 @@ -805,6 +808,13 @@ e1000_receive(NetClientState *nc, const uint8_t *buf, size_t size)
776 size = sizeof(min_buf);
777 }
778
779 + /* Discard oversized packets if !LPE and !SBP. */
780 + if (size > MAXIMUM_ETHERNET_VLAN_SIZE
781 + && !(s->mac_reg[RCTL] & E1000_RCTL_LPE)
782 + && !(s->mac_reg[RCTL] & E1000_RCTL_SBP)) {
783 + return size;
784 + }
785 +
786 if (!receive_filter(s, buf, size))
787 return size;
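Review bot: The added check in `e1000_receive` discards frames only when both LPE and SBP are clear, so with `E1000_RCTL_LPE` set nothing in this hunk bounds `size` before the frame reaches the rest of the receive path. The commit message bases the fix on the guest driver sizing its buffers from the hardware's drop behaviour, and that reasoning applies to long-packet mode too: real hardware still has a maximum frame size with LPE enabled (16384 bytes on this family, to be confirmed against the datasheet). I would add a second constant for that limit and fold it into the same test, still skipped when SBP is set: `if ((size > LPE_LIMIT || (size > MAXIMUM_ETHERNET_VLAN_SIZE && !(s->mac_reg[RCTL] & E1000_RCTL_LPE))) && !(s->mac_reg[RCTL] & E1000_RCTL_SBP))`, where `LPE_LIMIT` is a placeholder name. `e1000_receive` begins and continues outside the hunk, so a later bound may exist that the page does not show.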