head	1.2;
access;
symbols
	pkgsrc-2021Q1:1.1.0.4
	pkgsrc-2021Q1-base:1.1
	pkgsrc-2020Q4:1.1.0.2;
locks; strict;
comment	@# @;


1.2
date	2021.03.30.06.59.03;	author bouyer;	state dead;
branches;
next	1.1;
commitid	0qeTE1RWBrm5HiNC;

1.1
date	2021.02.03.22.27.16;	author bouyer;	state Exp;
branches
	1.1.2.1;
next	;
commitid	QOP6jD82GSUuCjGC;

1.1.2.1
date	2021.02.03.22.27.16;	author bsiegert;	state dead;
branches;
next	1.1.2.2;
commitid	5HgW8JnukcjuoUHC;

1.1.2.2
date	2021.02.16.07.57.46;	author bsiegert;	state Exp;
branches;
next	;
commitid	5HgW8JnukcjuoUHC;


desc
@@


1.2
log
@Update xentools413 and xentools413 to 4.13.3.
Changes since 4.13.2: inlcude security fixes for all XSA known to date
(up to XSA-369). Other minor bug fixes.
@
text
@$NetBSD: patch-XSA355,v 1.1 2021/02/03 22:27:16 bouyer Exp $

From: Jan Beulich <jbeulich@@suse.com>
Subject: memory: fix off-by-one in XSA-346 change

The comparison against ARRAY_SIZE() needs to be >= in order to avoid
overrunning the pages[] array.

This is XSA-355.

Fixes: 5777a3742d88 ("IOMMU: hold page ref until after deferred TLB flush")
Signed-off-by: Jan Beulich <jbeulich@@suse.com>
Reviewed-by: Julien Grall <jgrall@@amazon.com>

--- xen/common/memory.c.orig
+++ xen/common/memory.c
@@@@ -854,7 +854,7 @@@@ int xenmem_add_to_physmap(struct domain
             ++extra.ppage;
 
         /* Check for continuation if it's not the last iteration. */
-        if ( (++done > ARRAY_SIZE(pages) && extra.ppage) ||
+        if ( (++done >= ARRAY_SIZE(pages) && extra.ppage) ||
              (xatp->size > done && hypercall_preempt_check()) )
         {
             rc = start + done;
@


1.1
log
@Add upstream patches for Xen security advisory 355 and 360.
Bump PKGREVSION
@
text
@d1 1
a1 1
$NetBSD: $
@


1.1.2.1
log
@file patch-XSA355 was added on branch pkgsrc-2020Q4 on 2021-02-16 07:57:46 +0000
@
text
@d1 25
@


1.1.2.2
log
@Pullup ticket #6422 - requested by bouyer
sysutils/xenkernel413: security fix

Revisions pulled up:
- sysutils/xenkernel413/Makefile                                1.12
- sysutils/xenkernel413/distinfo                                1.9
- sysutils/xenkernel413/patches/patch-XSA355                    1.1
- sysutils/xenkernel413/patches/patch-XSA360                    1.1

---
   Module Name:	pkgsrc
   Committed By:	bouyer
   Date:		Wed Feb  3 22:27:16 UTC 2021

   Modified Files:
   	pkgsrc/sysutils/xenkernel413: Makefile distinfo
   Added Files:
   	pkgsrc/sysutils/xenkernel413/patches: patch-XSA355 patch-XSA360

   Log Message:
   Add upstream patches for Xen security advisory 355 and 360.
   Bump PKGREVSION
@
text
@a0 25
$NetBSD: patch-XSA355,v 1.1 2021/02/03 22:27:16 bouyer Exp $

From: Jan Beulich <jbeulich@@suse.com>
Subject: memory: fix off-by-one in XSA-346 change

The comparison against ARRAY_SIZE() needs to be >= in order to avoid
overrunning the pages[] array.

This is XSA-355.

Fixes: 5777a3742d88 ("IOMMU: hold page ref until after deferred TLB flush")
Signed-off-by: Jan Beulich <jbeulich@@suse.com>
Reviewed-by: Julien Grall <jgrall@@amazon.com>

--- xen/common/memory.c.orig
+++ xen/common/memory.c
@@@@ -854,7 +854,7 @@@@ int xenmem_add_to_physmap(struct domain
             ++extra.ppage;
 
         /* Check for continuation if it's not the last iteration. */
-        if ( (++done > ARRAY_SIZE(pages) && extra.ppage) ||
+        if ( (++done >= ARRAY_SIZE(pages) && extra.ppage) ||
              (xatp->size > done && hypercall_preempt_check()) )
         {
             rc = start + done;
@