head	1.2;
access;
symbols
	pkgsrc-2020Q2:1.1.0.42
	pkgsrc-2020Q2-base:1.1
	pkgsrc-2020Q1:1.1.0.22
	pkgsrc-2020Q1-base:1.1
	pkgsrc-2019Q4:1.1.0.44
	pkgsrc-2019Q4-base:1.1
	pkgsrc-2019Q3:1.1.0.40
	pkgsrc-2019Q3-base:1.1
	pkgsrc-2019Q2:1.1.0.38
	pkgsrc-2019Q2-base:1.1
	pkgsrc-2019Q1:1.1.0.36
	pkgsrc-2019Q1-base:1.1
	pkgsrc-2018Q4:1.1.0.34
	pkgsrc-2018Q4-base:1.1
	pkgsrc-2018Q3:1.1.0.32
	pkgsrc-2018Q3-base:1.1
	pkgsrc-2018Q2:1.1.0.30
	pkgsrc-2018Q2-base:1.1
	pkgsrc-2018Q1:1.1.0.28
	pkgsrc-2018Q1-base:1.1
	pkgsrc-2017Q4:1.1.0.26
	pkgsrc-2017Q4-base:1.1
	pkgsrc-2017Q3:1.1.0.24
	pkgsrc-2017Q3-base:1.1
	pkgsrc-2017Q2:1.1.0.20
	pkgsrc-2017Q2-base:1.1
	pkgsrc-2017Q1:1.1.0.18
	pkgsrc-2017Q1-base:1.1
	pkgsrc-2016Q4:1.1.0.16
	pkgsrc-2016Q4-base:1.1
	pkgsrc-2016Q3:1.1.0.14
	pkgsrc-2016Q3-base:1.1
	pkgsrc-2016Q2:1.1.0.12
	pkgsrc-2016Q2-base:1.1
	pkgsrc-2016Q1:1.1.0.10
	pkgsrc-2016Q1-base:1.1
	pkgsrc-2015Q4:1.1.0.8
	pkgsrc-2015Q4-base:1.1
	pkgsrc-2015Q3:1.1.0.6
	pkgsrc-2015Q3-base:1.1
	pkgsrc-2015Q2:1.1.0.4
	pkgsrc-2015Q2-base:1.1
	pkgsrc-2015Q1:1.1.0.2
	pkgsrc-2015Q1-base:1.1;
locks; strict;
comment	@# @;


1.2
date	2020.08.19.10.39.23;	author bouyer;	state dead;
branches;
next	1.1;
commitid	DGAMglRf0Jde6FkC;

1.1
date	2015.03.05.13.44.57;	author spz;	state Exp;
branches;
next	;
commitid	ylcyRhSaAmOxdqcy;


desc
@@


1.2
log
@Remove xenkernel and xentools packages older than 4.11.
They're not maintained anymore upstream, and don't build on supported NetBSD
releases.
@
text
@$NetBSD: patch-CVE-2015-2045,v 1.1 2015/03/05 13:44:57 spz Exp $

pre-fill structures for certain HYPERVISOR_xen_version sub-ops

... avoiding to pass hypervisor stack contents back to the caller
through space unused by the respective strings.

This is CVE-2015-2045 / XSA-122.

Signed-off-by: Aaron Adams <Aaron.Adams@@nccgroup.com>
Acked-by: Jan Beulich <jbeulich@@suse.com>
Acked-by: Ian Campbell <ian.campbell@@citrix.com>

--- xen/common/kernel.c.orig	2014-09-02 06:22:57.000000000 +0000
+++ xen/common/kernel.c
@@@@ -216,6 +216,8 @@@@ DO(xen_version)(int cmd, XEN_GUEST_HANDL
     case XENVER_extraversion:
     {
         xen_extraversion_t extraversion;
+
+        memset(extraversion, 0, sizeof(extraversion));
         safe_strcpy(extraversion, xen_extra_version());
         if ( copy_to_guest(arg, extraversion, ARRAY_SIZE(extraversion)) )
             return -EFAULT;
@@@@ -225,6 +227,8 @@@@ DO(xen_version)(int cmd, XEN_GUEST_HANDL
     case XENVER_compile_info:
     {
         struct xen_compile_info info;
+
+        memset(&info, 0, sizeof(info));
         safe_strcpy(info.compiler,       xen_compiler());
         safe_strcpy(info.compile_by,     xen_compile_by());
         safe_strcpy(info.compile_domain, xen_compile_domain());
@@@@ -260,6 +264,8 @@@@ DO(xen_version)(int cmd, XEN_GUEST_HANDL
     case XENVER_changeset:
     {
         xen_changeset_info_t chgset;
+
+        memset(chgset, 0, sizeof(chgset));
         safe_strcpy(chgset, xen_changeset());
         if ( copy_to_guest(arg, chgset, ARRAY_SIZE(chgset)) )
             return -EFAULT;
@


1.1
log
@Add patches for XSA-121 and XSA-122 from upstream.
@
text
@d1 1
a1 1
$NetBSD$
@