head	1.2;
access;
symbols
	pkgsrc-2013Q2:1.2.0.2
	pkgsrc-2013Q2-base:1.2
	pkgsrc-2013Q1:1.1.0.2;
locks; strict;
comment	@# @;


1.2
date	2013.05.03.16.48.38;	author drochner;	state dead;
branches;
next	1.1;

1.1
date	2013.04.19.14.03.52;	author bouyer;	state Exp;
branches
	1.1.2.1;
next	;

1.1.2.1
date	2013.04.19.14.03.52;	author tron;	state dead;
branches;
next	1.1.2.2;

1.1.2.2
date	2013.04.24.21.11.06;	author tron;	state Exp;
branches;
next	;


desc
@@


1.2
log
@update to 4.1.5
This integrates fixes for all vulnerabilities which were patched
in pkgsrc before.
Among many bug fixes and improvements (around 50 since Xen 4.1.4):
 * ACPI APEI/ERST finally working on production systems
 * Bug fixes for other low level system state handling
 * Support for xz compressed Dom0 and DomU kernels
@
text
@$NetBSD: patch-CVE-2013-0215-2,v 1.1 2013/04/19 14:03:52 bouyer Exp $

http://lists.xen.org/archives/html/xen-announce/2013-02/msg00005.html

--- ocaml/libs/xb/xs_ring_stubs.c.orig
+++ ocaml/libs/xb/xs_ring_stubs.c
@@@@ -39,21 +39,23 @@@@ static int xs_ring_read(struct mmap_interface *interface,
                              char *buffer, int len)
 {
 	struct xenstore_domain_interface *intf = interface->addr;
-	XENSTORE_RING_IDX cons, prod;
+	XENSTORE_RING_IDX cons, prod; /* offsets only */
 	int to_read;
 
-	cons = intf->req_cons;
-	prod = intf->req_prod;
+	cons = *(volatile uint32*)&intf->req_cons;
+	prod = *(volatile uint32*)&intf->req_prod;
 	xen_mb();
 	if (prod == cons)
 		return 0;
-	if (MASK_XENSTORE_IDX(prod) > MASK_XENSTORE_IDX(cons)) 
+	cons = MASK_XENSTORE_IDX(cons);
+	prod = MASK_XENSTORE_IDX(prod);
+	if (prod > cons)
 		to_read = prod - cons;
 	else
-		to_read = XENSTORE_RING_SIZE - MASK_XENSTORE_IDX(cons);
+		to_read = XENSTORE_RING_SIZE - cons;
 	if (to_read < len)
 		len = to_read;
-	memcpy(buffer, intf->req + MASK_XENSTORE_IDX(cons), len);
+	memcpy(buffer, intf->req + cons, len);
 	xen_mb();
 	intf->req_cons += len;
 	return len;
@@@@ -66,8 +68,8 @@@@ static int xs_ring_write(struct mmap_interface *interface,
 	XENSTORE_RING_IDX cons, prod;
 	int can_write;
 
-	cons = intf->rsp_cons;
-	prod = intf->rsp_prod;
+	cons = *(volatile uint32*)&intf->rsp_cons;
+	prod = *(volatile uint32*)&intf->rsp_prod;
 	xen_mb();
 	if ( (prod - cons) >= XENSTORE_RING_SIZE )
 		return 0;
@


1.1
log
@Add patch from Xen security advisory:
http://lists.xen.org/archives/html/xen-announce/2013-02/msg00005.html
@
text
@d1 1
a1 1
$NetBSD: patch-CVE-2012-6075,v 1.1 2013/01/20 15:21:55 drochner Exp $
@


1.1.2.1
log
@file patch-CVE-2013-0215-2 was added on branch pkgsrc-2013Q1 on 2013-04-24 21:11:06 +0000
@
text
@d1 47
@


1.1.2.2
log
@Pullup ticket #4124 - requested by bouyer
sysutils/xentools41: security patch

Revisions pulled up:
- sysutils/xentools41/Makefile                                  1.30-1.31
- sysutils/xentools41/distinfo                                  1.27-1.28
- sysutils/xentools41/patches/patch-.._.._ipxe_src_arch_i386_include_librm.h 1.1
- sysutils/xentools41/patches/patch-.._.._ipxe_src_core_settings.c 1.1
- sysutils/xentools41/patches/patch-.._.._ipxe_src_net_tls.c    1.1
- sysutils/xentools41/patches/patch-.._Config.mk                1.1
- sysutils/xentools41/patches/patch-CVE-2013-0215-1             1.1
- sysutils/xentools41/patches/patch-CVE-2013-0215-2             1.1
- sysutils/xentools41/patches/patch-firmware_hvmloader_Makefile 1.1
- sysutils/xentools41/patches/patch-libcx_xc__dom__boot.c       1.1
- sysutils/xentools41/patches/patch-xenstat_libxenstat_Makefile 1.1

---
   Module Name:    pkgsrc
   Committed By:   joerg
   Date:           Thu Apr 11 19:57:53 UTC 2013

   Modified Files:
           pkgsrc/sysutils/xenkernel3: Makefile distinfo
           pkgsrc/sysutils/xenkernel3/patches: patch-cw
           pkgsrc/sysutils/xenkernel33: Makefile distinfo
           pkgsrc/sysutils/xenkernel41: Makefile distinfo
           pkgsrc/sysutils/xentools3: Makefile distinfo
           pkgsrc/sysutils/xentools3-hvm: Makefile distinfo
           pkgsrc/sysutils/xentools3/patches: patch-.._patch-Config.mk patch-cg
           pkgsrc/sysutils/xentools33: Makefile distinfo
           pkgsrc/sysutils/xentools33/patches: patch-ab
           pkgsrc/sysutils/xentools41: Makefile distinfo
   Added Files:
           pkgsrc/sysutils/xenkernel3/patches: patch-xen_arch_x86_hvm_io.c
               patch-xen_arch_x86_string.c
           pkgsrc/sysutils/xenkernel33/patches: patch-Config.mk patch-xen_Makefile
               patch-xen_arch_x86_Rules.mk
           pkgsrc/sysutils/xenkernel41/patches: patch-Config.mk patch-xen_Makefile
               patch-xen_arch_x86_Rules.mk patch-xen_arch_x86_cpu_mcheck_vmce.c
               patch-xen_arch_x86_time.c
           pkgsrc/sysutils/xentools3-hvm/patches: patch-.._patch-Config.mk
           pkgsrc/sysutils/xentools3/patches: patch-libxc_xc__dom__x86.c
           pkgsrc/sysutils/xentools33/patches: patch-blktap_drivers_block-qcow.c
               patch-ioemu_block-vvfat.c
           pkgsrc/sysutils/xentools41/patches:
               patch-.._.._ipxe_src_arch_i386_include_librm.h
               patch-.._.._ipxe_src_core_settings.c patch-.._.._ipxe_src_net_tls.c
               patch-.._Config.mk patch-firmware_hvmloader_Makefile
               patch-libcx_xc__dom__boot.c patch-xenstat_libxenstat_Makefile

   Log Message:
   Allow building Xen infrastructure with Clang. Fix various bugs in
   xenkernel3, xenkernel41, xentools3 and xentools41 exposed by Clang
   default warnings. Bump revisions for those.

---
   Module Name:    pkgsrc
   Committed By:   bouyer
   Date:           Fri Apr 19 14:03:52 UTC 2013

   Modified Files:
           pkgsrc/sysutils/xentools41: Makefile distinfo
   Added Files:
           pkgsrc/sysutils/xentools41/patches: patch-CVE-2013-0215-1
               patch-CVE-2013-0215-2

   Log Message:
   Add patch from Xen security advisory:
   http://lists.xen.org/archives/html/xen-announce/2013-02/msg00005.html
@
text
@a0 47
$NetBSD$

http://lists.xen.org/archives/html/xen-announce/2013-02/msg00005.html

--- ocaml/libs/xb/xs_ring_stubs.c.orig
+++ ocaml/libs/xb/xs_ring_stubs.c
@@@@ -39,21 +39,23 @@@@ static int xs_ring_read(struct mmap_interface *interface,
                              char *buffer, int len)
 {
 	struct xenstore_domain_interface *intf = interface->addr;
-	XENSTORE_RING_IDX cons, prod;
+	XENSTORE_RING_IDX cons, prod; /* offsets only */
 	int to_read;
 
-	cons = intf->req_cons;
-	prod = intf->req_prod;
+	cons = *(volatile uint32*)&intf->req_cons;
+	prod = *(volatile uint32*)&intf->req_prod;
 	xen_mb();
 	if (prod == cons)
 		return 0;
-	if (MASK_XENSTORE_IDX(prod) > MASK_XENSTORE_IDX(cons)) 
+	cons = MASK_XENSTORE_IDX(cons);
+	prod = MASK_XENSTORE_IDX(prod);
+	if (prod > cons)
 		to_read = prod - cons;
 	else
-		to_read = XENSTORE_RING_SIZE - MASK_XENSTORE_IDX(cons);
+		to_read = XENSTORE_RING_SIZE - cons;
 	if (to_read < len)
 		len = to_read;
-	memcpy(buffer, intf->req + MASK_XENSTORE_IDX(cons), len);
+	memcpy(buffer, intf->req + cons, len);
 	xen_mb();
 	intf->req_cons += len;
 	return len;
@@@@ -66,8 +68,8 @@@@ static int xs_ring_write(struct mmap_interface *interface,
 	XENSTORE_RING_IDX cons, prod;
 	int can_write;
 
-	cons = intf->rsp_cons;
-	prod = intf->rsp_prod;
+	cons = *(volatile uint32*)&intf->rsp_cons;
+	prod = *(volatile uint32*)&intf->rsp_prod;
 	xen_mb();
 	if ( (prod - cons) >= XENSTORE_RING_SIZE )
 		return 0;
@