head 1.3; access; symbols pkgsrc-2013Q2:1.3.0.2 pkgsrc-2013Q2-base:1.3 pkgsrc-2013Q1:1.2.0.2 pkgsrc-2013Q1-base:1.2 pkgsrc-2012Q4:1.1.0.2 pkgsrc-2012Q4-base:1.1; locks; strict; comment @# @; 1.3 date 2013.05.03.16.48.37; author drochner; state dead; branches; next 1.2; 1.2 date 2013.01.17.19.37.55; author drochner; state Exp; branches; next 1.1; 1.1 date 2012.12.05.19.16.27; author drochner; state Exp; branches; next ; desc @@ 1.3 log @update to 4.1.5 This integrates fixes for all vulnerabilities which were patched in pkgsrc before. Among many bug fixes and improvements (around 50 since Xen 4.1.4): * ACPI APEI/ERST finally working on production systems * Bug fixes for other low level system state handling * Support for xz compressed Dom0 and DomU kernels @ text @$NetBSD: patch-CVE-2012-5511_2,v 1.2 2013/01/17 19:37:55 drochner Exp $ see http://lists.xen.org/archives/html/xen-devel/2013-01/msg01193.html --- xen/arch/x86/mm/paging.c.orig 2012-12-18 12:54:25.000000000 +0000 +++ xen/arch/x86/mm/paging.c @@@@ -534,7 +534,8 @@@@ int paging_log_dirty_range(struct domain size = ((nr + BITS_PER_LONG - 1) / BITS_PER_LONG) * sizeof (long); rv = 0; - for ( off = 0; !rv && off < size; off += sizeof zeroes ) + off = 0; + while ( !rv && off < size ) { int todo = min(size - off, (int) PAGE_SIZE); if ( copy_to_guest_offset(dirty_bitmap, off, zeroes, todo) ) @ 1.2 log @update to 4.1.4 changes: -fixes for many vulnerabilities (were mostly patched in pkgsrc) -bug fixes and improvements (almost 100 since Xen 4.1.3). 
Highlights are: -A fix for a long standing time management issue -Bug fixes for S3 (suspend to RAM) handling -Bug fixes for other low level system state handling pkgsrc note: fixes for CVE-2012-5634 (interrupt issue on IOMMU systems) and CVE-2012-6075 (oversized packets from e1000 driver) are already included @ text @d1 1 a1 1 $NetBSD$ @ 1.1 log @add another batch of security patches from upstream bump PKGREV @ text @d3 3 a5 1 --- xen/arch/x86/mm/paging.c.orig 2012-08-10 13:51:45.000000000 +0000 d7 1 a7 1 @@@@ -529,13 +529,18 @@@@ int paging_log_dirty_range(struct domain d9 1 a9 9 if ( !d->arch.paging.log_dirty.fault_count && !d->arch.paging.log_dirty.dirty_count ) { - int size = (nr + BITS_PER_LONG - 1) / BITS_PER_LONG; - unsigned long zeroes[size]; - memset(zeroes, 0x00, size * BYTES_PER_LONG); + static uint8_t zeroes[PAGE_SIZE]; + int off, size; + + size = ((nr + BITS_PER_LONG - 1) / BITS_PER_LONG) * sizeof (long); d11 6 a16 13 - if ( copy_to_guest_offset(dirty_bitmap, 0, (uint8_t *) zeroes, - size * BYTES_PER_LONG) != 0 ) - rv = -EFAULT; + for ( off = 0; !rv && off < size; off += sizeof zeroes ) + { + int todo = min(size - off, (int) PAGE_SIZE); + if ( copy_to_guest_offset(dirty_bitmap, off, zeroes, todo) ) + rv = -EFAULT; + off += todo; + } goto out; } d->arch.paging.log_dirty.fault_count = 0; @
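Review bot: In the revision 1.3 patch text (`@@ -534,7 +534,8 @@` in xen/arch/x86/mm/paging.c), the rewritten `while ( !rv && off < size )` loop still does its bounds arithmetic in plain `int`: `int todo = min(size - off, (int) PAGE_SIZE);` casts PAGE_SIZE down to a signed type, and `size` is an `int` that receives a product involving `sizeof (long)`. Declaring `off`, `size` and `todo` as unsigned and dropping the `(int)` cast would keep the `off < size` bound and the `min()` comparison free of signed conversions. The loop now terminates only because of the `off += todo` in the body, which lies outside this hunk's context, so a short comment at the `while` saying that the body advances `off` would help the next reader.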
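Review bot: In the revision 1.1 delta (the `@@ -529,13 +529,18 @@` hunk), the added loop advances `off` twice per iteration, once in the header (`for ( off = 0; !rv && off < size; off += sizeof zeroes )`) and again in the body (`off += todo;`). For a bitmap larger than one page this skips every second PAGE_SIZE chunk, so those parts of `dirty_bitmap` are never overwritten with zeroes although `rv` stays 0. Keep only one of the two increments, preferably the `off += todo` in the body since `todo` is the amount actually copied. Moving `off += todo` out of the error path (for example into an `else`) would also make it clear that `off` is only meaningful after a successful `copy_to_guest_offset()`.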