head	1.2;
access;
symbols
	pkgsrc-2013Q2:1.2.0.2
	pkgsrc-2013Q2-base:1.2
	pkgsrc-2013Q1:1.1.0.2
	pkgsrc-2013Q1-base:1.1;
locks; strict;
comment	@# @;


1.2
date	2013.05.03.16.48.38;	author drochner;	state dead;
branches;
next	1.1;

1.1
date	2013.01.20.15.21.55;	author drochner;	state Exp;
branches;
next	;


desc
@@


1.2
log
@update to 4.1.5
This integrates fixes for all vulnerabilities which were patched
in pkgsrc before.
Among many bug fixes and improvements (around 50 since Xen 4.1.4):
 * ACPI APEI/ERST finally working on production systems
 * Bug fixes for other low level system state handling
 * Support for xz compressed Dom0 and DomU kernels
@
text
@$NetBSD: patch-CVE-2012-6075,v 1.1 2013/01/20 15:21:55 drochner Exp $

see http://lists.xen.org/archives/html/xen-devel/2013-01/msg01070.html

--- ioemu-qemu-xen/hw/e1000.c.orig	2012-11-13 18:25:17.000000000 +0000
+++ ioemu-qemu-xen/hw/e1000.c
@@@@ -55,6 +55,11 @@@@ static int debugflags = DBGBIT(TXERR) | 
 #define REG_IOADDR 0x0
 #define REG_IODATA 0x4
 
+/* this is the size past which hardware will drop packets when setting LPE=0 */
+#define MAXIMUM_ETHERNET_VLAN_SIZE 1522
+/* this is the size past which hardware will drop packets when setting LPE=1 */
+#define MAXIMUM_ETHERNET_LPE_SIZE 16384
+
 /*
  * HW models:
  *  E1000_DEV_ID_82540EM works with Windows and Linux
@@@@ -628,6 +633,15 @@@@ e1000_receive(void *opaque, const uint8_
         return;
     }
 
+    /* Discard oversized packets if !LPE and !SBP. */
+    if ((size > MAXIMUM_ETHERNET_LPE_SIZE ||
+	(size > MAXIMUM_ETHERNET_VLAN_SIZE
+	&& !(s->mac_reg[RCTL] & E1000_RCTL_LPE)))
+	&& !(s->mac_reg[RCTL] & E1000_RCTL_SBP)) {
+	DBGOUT(RX, "packet too large for applicable LPE/VLAN size\n");
+	return;
+    }
+
     if (!receive_filter(s, buf, size))
         return;
 
@


1.1
log
@oops, a patch was in the wrong sub-pkg
bump PKGREV
@
text
@d1 1
a1 1
$NetBSD: patch-CVE-2012-6075,v 1.1 2013/01/17 19:37:55 drochner Exp $
@