head 1.2; access; symbols pkgsrc-2020Q2:1.1.0.38 pkgsrc-2020Q2-base:1.1 pkgsrc-2020Q1:1.1.0.18 pkgsrc-2020Q1-base:1.1 pkgsrc-2019Q4:1.1.0.40 pkgsrc-2019Q4-base:1.1 pkgsrc-2019Q3:1.1.0.36 pkgsrc-2019Q3-base:1.1 pkgsrc-2019Q2:1.1.0.34 pkgsrc-2019Q2-base:1.1 pkgsrc-2019Q1:1.1.0.32 pkgsrc-2019Q1-base:1.1 pkgsrc-2018Q4:1.1.0.30 pkgsrc-2018Q4-base:1.1 pkgsrc-2018Q3:1.1.0.28 pkgsrc-2018Q3-base:1.1 pkgsrc-2018Q2:1.1.0.26 pkgsrc-2018Q2-base:1.1 pkgsrc-2018Q1:1.1.0.24 pkgsrc-2018Q1-base:1.1 pkgsrc-2017Q4:1.1.0.22 pkgsrc-2017Q4-base:1.1 pkgsrc-2017Q3:1.1.0.20 pkgsrc-2017Q3-base:1.1 pkgsrc-2017Q2:1.1.0.16 pkgsrc-2017Q2-base:1.1 pkgsrc-2017Q1:1.1.0.14 pkgsrc-2017Q1-base:1.1 pkgsrc-2016Q4:1.1.0.12 pkgsrc-2016Q4-base:1.1 pkgsrc-2016Q3:1.1.0.10 pkgsrc-2016Q3-base:1.1 pkgsrc-2016Q2:1.1.0.8 pkgsrc-2016Q2-base:1.1 pkgsrc-2016Q1:1.1.0.6 pkgsrc-2016Q1-base:1.1 pkgsrc-2015Q4:1.1.0.4 pkgsrc-2015Q4-base:1.1 pkgsrc-2015Q3:1.1.0.2 pkgsrc-2015Q3-base:1.1; locks; strict; comment @# @; 1.2 date 2020.08.19.10.39.24; author bouyer; state dead; branches; next 1.1; commitid DGAMglRf0Jde6FkC; 1.1 date 2015.08.23.16.17.12; author spz; state Exp; branches; next ; commitid wb2SmuzLFycvzpyy; desc @@ 1.2 log @Remove xenkernel and xentools packages older than 4.11. They're not maintained anymore upstream, and don't build on supported NetBSD releases. 
@ text @$NetBSD: patch-CVE-2015-3259,v 1.1 2015/08/23 16:17:12 spz Exp $ patch for CVE-2015-3259 aka XSA-137 from http://xenbits.xen.org/xsa/xsa137.patch --- libxl/xl_cmdimpl.c.orig 2014-09-02 06:22:57.000000000 +0000 +++ libxl/xl_cmdimpl.c @@@@ -135,7 +135,7 @@@@ struct domain_create { int vncautopass; int console_autoconnect; const char *config_file; - const char *extra_config; /* extra config string */ + char *extra_config; /* extra config string */ const char *restore_file; int migrate_fd; /* -1 means none */ char **migration_domname_r; /* from malloc */ @@@@ -3815,11 +3815,25 @@@@ int main_vm_list(int argc, char **argv) return 0; } +static void string_realloc_append(char **accumulate, const char *more) +{ + /* Appends more to accumulate. Accumulate is either NULL, or + * points (always) to a malloc'd nul-terminated string. */ + + size_t oldlen = *accumulate ? strlen(*accumulate) : 0; + size_t morelen = strlen(more) + 1/*nul*/; + if (oldlen > SSIZE_MAX || morelen > SSIZE_MAX - oldlen) { + fprintf(stderr,"Additional config data far too large\n"); + exit(-ERROR_FAIL); + } + + *accumulate = xrealloc(*accumulate, oldlen + morelen); + memcpy(*accumulate + oldlen, more, morelen); +} + int main_create(int argc, char **argv) { const char *filename = NULL; - char *p; - char extra_config[1024]; struct domain_create dom_info; int paused = 0, debug = 0, daemonize = 1, console_autoconnect = 0, quiet = 0, monitor = 1, vnc = 0, vncautopass = 0; @@@@ -3835,6 +3849,8 @@@@ int main_create(int argc, char **argv) {0, 0, 0, 0} }; + dom_info.extra_config = NULL; + if (argv[1] && argv[1][0] != '-' && !strchr(argv[1], '=')) { filename = argv[1]; argc--; argv++; @@@@ -3886,20 +3902,21 @@@@ int main_create(int argc, char **argv) } } - extra_config[0] = '\0'; - for (p = extra_config; optind < argc; optind++) { + memset(&dom_info, 0, sizeof(dom_info)); + + for (; optind < argc; optind++) { if (strchr(argv[optind], '=') != NULL) { - p += snprintf(p, sizeof(extra_config) - (p - 
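Review bot: The comment inside the new `string_realloc_append` helper leaves out three things a caller needs to know. The helper ends the process with `exit(-ERROR_FAIL)` when the combined length would exceed `SSIZE_MAX`, `more` is passed to `strlen()` unconditionally and so must not be NULL, and the caller owns the buffer left in `*accumulate`. I would extend the comment with something like `/* Exits on overflow; more must be non-NULL; caller frees *accumulate. */`. What `xrealloc` does on allocation failure is not visible in this hunk, so the comment should state that only once confirmed.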
extra_config), - "%s\n", argv[optind]); + string_realloc_append(&dom_info.extra_config, argv[optind]); + string_realloc_append(&dom_info.extra_config, "\n"); } else if (!filename) { filename = argv[optind]; } else { help("create"); + free(dom_info.extra_config); return 2; } } - memset(&dom_info, 0, sizeof(dom_info)); dom_info.debug = debug; dom_info.daemonize = daemonize; dom_info.monitor = monitor; @@@@ -3907,24 +3924,25 @@@@ int main_create(int argc, char **argv) dom_info.dryrun = dryrun_only; dom_info.quiet = quiet; dom_info.config_file = filename; - dom_info.extra_config = extra_config; dom_info.migrate_fd = -1; dom_info.vnc = vnc; dom_info.vncautopass = vncautopass; dom_info.console_autoconnect = console_autoconnect; rc = create_domain(&dom_info); - if (rc < 0) + if (rc < 0) { + free(dom_info.extra_config); return -rc; + } + free(dom_info.extra_config); return 0; } int main_config_update(int argc, char **argv) { const char *filename = NULL; - char *p; - char extra_config[1024]; + char *extra_config = NULL; void *config_data = 0; int config_len = 0; libxl_domain_config d_config; @@@@ -3972,15 +3990,15 @@@@ int main_config_update(int argc, char ** } } - extra_config[0] = '\0'; - for (p = extra_config; optind < argc; optind++) { + for (; optind < argc; optind++) { if (strchr(argv[optind], '=') != NULL) { - p += snprintf(p, sizeof(extra_config) - (p - extra_config), - "%s\n", argv[optind]); + string_realloc_append(&extra_config, argv[optind]); + string_realloc_append(&extra_config, "\n"); } else if (!filename) { filename = argv[optind]; } else { help("create"); + free(extra_config); return 2; } } @@@@ -3989,7 +4007,8 @@@@ int main_config_update(int argc, char ** rc = libxl_read_file_contents(ctx, filename, &config_data, &config_len); if (rc) { fprintf(stderr, "Failed to read config file: %s: %s\n", - filename, strerror(errno)); return ERROR_FAIL; } + filename, strerror(errno)); + free(extra_config); return ERROR_FAIL; } if (strlen(extra_config)) { if (config_len > 
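Review bot: In the tail of `main_create`, `free(dom_info.extra_config)` is now written twice, once inside the `rc < 0` branch and once on the success path. Since both branches free the buffer straight after `create_domain()` returns, a single release is equivalent and harder to get wrong when another exit path is added later: `rc = create_domain(&dom_info);` `free(dom_info.extra_config);` `if (rc < 0) return -rc;`. The start of `main_create` lies outside this hunk.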
INT_MAX - (strlen(extra_config) + 2 + 1)) { fprintf(stderr, "Failed to attach extra configration\n"); @@@@ -4030,7 +4049,7 @@@@ int main_config_update(int argc, char ** libxl_domain_config_dispose(&d_config); free(config_data); - + free(extra_config); return 0; } @@@@ -6000,7 +6019,7 @@@@ int main_cpupoolcreate(int argc, char ** { const char *filename = NULL, *config_src=NULL; const char *p; - char extra_config[1024]; + char *extra_config = NULL; int opt; int option_index = 0; static struct option long_options[] = { @@@@ -6047,13 +6066,10 @@@@ int main_cpupoolcreate(int argc, char ** } } - memset(extra_config, 0, sizeof(extra_config)); while (optind < argc) { if ((p = strchr(argv[optind], '='))) { - if (strlen(extra_config) + 1 + strlen(argv[optind]) < sizeof(extra_config)) { - strcat(extra_config, "\n"); - strcat(extra_config, argv[optind]); - } + string_realloc_append(&extra_config, "\n"); + string_realloc_append(&extra_config, argv[optind]); } else if (!filename) { filename = argv[optind]; } else { @ 1.1 log @Apply patches for XSA-128 to XSA-140 from upstream do a patch refresh in xentools42 rather than split the patches for pass-through.c over 5 files, delete xentools42/patches/patch-CVE-2015-2756 and assemble all in xentools42/patches/patch-qemu-xen-traditional_hw_pass-through.c @ text @d1 1 a1 1 $NetBSD$ @
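Review bot: The context line `if (strlen(extra_config)) {` in `main_config_update` now dereferences a pointer that can be NULL. After this patch `extra_config` starts as `NULL` and is only allocated when an argument contains `=`, so running the command with no key=value argument reaches `strlen(NULL)`, which is undefined behaviour; the old stack array was always an empty string at that point. The guard should become `if (extra_config && strlen(extra_config)) {`. The rest of the function is outside the hunk, so any other early return between the read-file failure and the final `free(extra_config)` should be checked for a leak as well.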
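Review bot: In `main_cpupoolcreate`, `extra_config` changes from a zeroed 1024-byte array to `char *extra_config = NULL`, but neither this hunk nor the declaration hunk above it adds a `free()` or a NULL check. The removed `memset` guaranteed an empty string when no key=value argument was given; now the pointer stays NULL in that case. Code later in the function, outside these hunks, that reads `extra_config` would need a guard such as `if (extra_config && strlen(extra_config))`. The heap buffer also appears to leak on every return path unless `free(extra_config)` is added, as the commit already does in `main_create` and `main_config_update`.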