head 1.2; access; symbols; locks; strict; comment @# @; 1.2 date 2016.09.21.17.03.38; author bouyer; state dead; branches; next 1.1; commitid DpaVr9YcAfk37bnz; 1.1 date 2016.08.06.12.41.36; author spz; state Exp; branches; next ; commitid RZVbRxC9gzZa9fhz; desc @@ 1.2 log @Update xenkernel45 and xentools45 to 4.5.5. Changes since 4.5.3: mostly bugfixes, including fixes for security issues XSA-172, XSA-173, XSA-175, XSA-176, XSA-178, XSA-179, XSA-180, XSA-181, XSA-182, XSA-183, XSA-184, XSA-185, XSA-186 and XSA-187. All but XSA-175 were already fixed in pkgsrc. Complete list of changes and links to the XSA advisories: https://www.xenproject.org/downloads/xen-archives/xen-45-series/xen-455.html @ text @$NetBSD: patch-XSA-180,v 1.1 2016/08/06 12:41:36 spz Exp $ patch for XSA-180 from upstream --- qemu-xen-traditional/vl.c.orig 2016-01-04 15:36:03.000000000 +0000 +++ qemu-xen-traditional/vl.c @@@@ -3753,6 +3753,50 @@@@ static void host_main_loop_wait(int *tim } #endif +static void check_cve_2014_3672_xen(void) +{ + static unsigned long limit = ~0UL; + const int fd = 2; + struct stat stab; + + if (limit == ~0UL) { + const char *s = getenv("XEN_QEMU_CONSOLE_LIMIT"); + /* XEN_QEMU_CONSOLE_LIMIT=0 means no limit */ + limit = s ? strtoul(s,0,0) : 1*1024*1024; + } + if (limit == 0) + return; + + int r = fstat(fd, &stab); + if (r) { + perror("fstat stderr (for CVE-2014-3672 check)"); + exit(-1); + } + if (!S_ISREG(stab.st_mode)) + return; + if (stab.st_size <= limit) + return; + + /* oh dear */ + fprintf(stderr,"\r\n" + "Closing stderr due to CVE-2014-3672 limit. 
" + " Set XEN_QEMU_CONSOLE_LIMIT to number of bytes to override," + " or 0 for no limit.\n"); + fflush(stderr); + + int nfd = open("/dev/null", O_WRONLY); + if (nfd < 0) { + perror("open /dev/null (for CVE-2014-3672 check)"); + exit(-1); + } + r = dup2(nfd, fd); + if (r != fd) { + perror("dup2 /dev/null (for CVE-2014-3672 check)"); + exit(-1); + } + close(nfd); +} + void main_loop_wait(int timeout) { IOHandlerRecord *ioh; @@@@ -3762,6 +3806,8 @@@@ void main_loop_wait(int timeout) qemu_bh_update_timeout(&timeout); + check_cve_2014_3672_xen(); + host_main_loop_wait(&timeout); /* poll any events */ @ 1.1 log @add patches to XSAs 178 and 180 from upstream add an initialization for a pointer where the compiler doesn't recognize it being assigned by posix_memalign (trivial compile fix) @ text @d1 1 a1 1 $NetBSD: patch-XSA-180,v 1.1 2016/08/06 10:10:10 spz Exp $ @
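Review bot: An unparsable XEN_QEMU_CONSOLE_LIMIT silently turns the mitigation off, because `strtoul(s,0,0)` in check_cve_2014_3672_xen() returns 0 for a non-numeric string and 0 is the documented "no limit" value. A value with trailing text, such as a unit suffix, is cut down to its leading digits. An out-of-range value yields ~0UL, which is also the "not yet read" sentinel, so the variable is re-parsed on every call and the cap is effectively absent. Parsing with an end pointer and keeping the 1 MiB default for anything that is not a complete number makes a typo fail safe. The variable is presumably set by the host administrator or toolstack, so this is a hardening point rather than something a guest can reach.

```c
    if (limit == ~0UL) {
        const char *s = getenv("XEN_QEMU_CONSOLE_LIMIT");
        char *end;
        unsigned long v;

        /* XEN_QEMU_CONSOLE_LIMIT=0 means no limit; anything that is not a
         * complete number keeps the default rather than disabling the check */
        limit = 1*1024*1024;
        if (s && *s) {
            v = strtoul(s, &end, 0);
            if (*end == '\0' && v != ~0UL)
                limit = v;
        }
    }
    /* … unchanged: fstat of fd 2, size comparison, redirect to /dev/null … */
```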
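Review bot: The call added to main_loop_wait() carries no comment saying what it guards, and the function name gives only a CVE number. A one-line comment such as `/* cap growth of the stderr log file (CVE-2014-3672); checked once per loop iteration, so the limit is approximate */` would tell a maintainer that this is a log-size guard and that, once a non-zero limit is in effect, it costs an fstat() on every iteration. main_loop_wait's body continues outside the hunk.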