head	1.2;
access;
symbols
	pkgsrc-2020Q2:1.1.0.38
	pkgsrc-2020Q2-base:1.1
	pkgsrc-2020Q1:1.1.0.18
	pkgsrc-2020Q1-base:1.1
	pkgsrc-2019Q4:1.1.0.40
	pkgsrc-2019Q4-base:1.1
	pkgsrc-2019Q3:1.1.0.36
	pkgsrc-2019Q3-base:1.1
	pkgsrc-2019Q2:1.1.0.34
	pkgsrc-2019Q2-base:1.1
	pkgsrc-2019Q1:1.1.0.32
	pkgsrc-2019Q1-base:1.1
	pkgsrc-2018Q4:1.1.0.30
	pkgsrc-2018Q4-base:1.1
	pkgsrc-2018Q3:1.1.0.28
	pkgsrc-2018Q3-base:1.1
	pkgsrc-2018Q2:1.1.0.26
	pkgsrc-2018Q2-base:1.1
	pkgsrc-2018Q1:1.1.0.24
	pkgsrc-2018Q1-base:1.1
	pkgsrc-2017Q4:1.1.0.22
	pkgsrc-2017Q4-base:1.1
	pkgsrc-2017Q3:1.1.0.20
	pkgsrc-2017Q3-base:1.1
	pkgsrc-2017Q2:1.1.0.16
	pkgsrc-2017Q2-base:1.1
	pkgsrc-2017Q1:1.1.0.14
	pkgsrc-2017Q1-base:1.1
	pkgsrc-2016Q4:1.1.0.12
	pkgsrc-2016Q4-base:1.1
	pkgsrc-2016Q3:1.1.0.10
	pkgsrc-2016Q3-base:1.1
	pkgsrc-2016Q2:1.1.0.8
	pkgsrc-2016Q2-base:1.1
	pkgsrc-2016Q1:1.1.0.6
	pkgsrc-2016Q1-base:1.1
	pkgsrc-2015Q4:1.1.0.4
	pkgsrc-2015Q4-base:1.1
	pkgsrc-2015Q3:1.1.0.2
	pkgsrc-2015Q3-base:1.1;
locks; strict;
comment	@# @;


1.2
date	2020.08.19.10.39.24;	author bouyer;	state dead;
branches;
next	1.1;
commitid	DGAMglRf0Jde6FkC;

1.1
date	2015.08.23.16.17.12;	author spz;	state Exp;
branches;
next	;
commitid	wb2SmuzLFycvzpyy;


desc
@@


1.2
log
@Remove xenkernel and xentools packages older than 4.11.
They're not maintained anymore upstream, and don't build on supported NetBSD
releases.
@
text
@$NetBSD: patch-CVE-2015-5154,v 1.1 2015/08/23 16:17:12 spz Exp $

patch for CVE-2015-5154 aka XSA-138 from
http://xenbits.xen.org/xsa/xsa138-qemut-1.patch
http://xenbits.xen.org/xsa/xsa138-qemut-2.patch
http://xenbits.xen.org/xsa/xsa138-qemuu-1.patch
http://xenbits.xen.org/xsa/xsa138-qemuu-3.patch

--- qemu-xen/hw/ide/core.c.orig	2015-08-23 09:31:00.000000000 +0000
+++ qemu-xen/hw/ide/core.c
@@@@ -1666,8 +1666,10 @@@@ void ide_data_writew(void *opaque, uint3
     *(uint16_t *)p = le16_to_cpu(val);
     p += 2;
     s->data_ptr = p;
-    if (p >= s->data_end)
+    if (p >= s->data_end) {
+        s->status &= ~DRQ_STAT;
         s->end_transfer_func(s);
+    }
 }
 
 uint32_t ide_data_readw(void *opaque, uint32_t addr)
@@@@ -1691,8 +1693,10 @@@@ uint32_t ide_data_readw(void *opaque, ui
     ret = cpu_to_le16(*(uint16_t *)p);
     p += 2;
     s->data_ptr = p;
-    if (p >= s->data_end)
+    if (p >= s->data_end) {
+        s->status &= ~DRQ_STAT;
         s->end_transfer_func(s);
+    }
     return ret;
 }
 
@@@@ -1716,8 +1720,10 @@@@ void ide_data_writel(void *opaque, uint3
     *(uint32_t *)p = le32_to_cpu(val);
     p += 4;
     s->data_ptr = p;
-    if (p >= s->data_end)
+    if (p >= s->data_end) {
+        s->status &= ~DRQ_STAT;
         s->end_transfer_func(s);
+    }
 }
 
 uint32_t ide_data_readl(void *opaque, uint32_t addr)
@@@@ -1741,8 +1747,10 @@@@ uint32_t ide_data_readl(void *opaque, ui
     ret = cpu_to_le32(*(uint32_t *)p);
     p += 4;
     s->data_ptr = p;
-    if (p >= s->data_end)
+    if (p >= s->data_end) {
+        s->status &= ~DRQ_STAT;
         s->end_transfer_func(s);
+    }
     return ret;
 }

--- qemu-xen-traditional/hw/ide.c.orig        2014-01-09 12:44:42.000000000 +0000
+++ qemu-xen-traditional/hw/ide.c
@@@@ -3002,11 +3006,17 @@@@ static void ide_data_writew(void *opaque
     buffered_pio_write(s, addr, 2);
 
     p = s->data_ptr;
+    if (p + 2 > s->data_end) {
+        return;
+    }
+
     *(uint16_t *)p = le16_to_cpu(val);
     p += 2;
     s->data_ptr = p;
-    if (p >= s->data_end)
+    if (p >= s->data_end) {
+        s->status &= ~DRQ_STAT;
         s->end_transfer_func(s);
+    }
 }
 
 static uint32_t ide_data_readw(void *opaque, uint32_t addr)
@@@@ -3021,11 +3031,17 @@@@ static uint32_t ide_data_readw(void *opa
     buffered_pio_read(s, addr, 2);
 
     p = s->data_ptr;
+    if (p + 2 > s->data_end) {
+        return 0;
+    }
+
     ret = cpu_to_le16(*(uint16_t *)p);
     p += 2;
     s->data_ptr = p;
-    if (p >= s->data_end)
+    if (p >= s->data_end) {
+        s->status &= ~DRQ_STAT;
         s->end_transfer_func(s);
+    }
     return ret;
 }
 
@@@@ -3040,11 +3056,17 @@@@ static void ide_data_writel(void *opaque
     buffered_pio_write(s, addr, 4);
 
     p = s->data_ptr;
+    if (p + 4 > s->data_end) {
+        return;
+    }
+
     *(uint32_t *)p = le32_to_cpu(val);
     p += 4;
     s->data_ptr = p;
-    if (p >= s->data_end)
+    if (p >= s->data_end) {
+        s->status &= ~DRQ_STAT;
         s->end_transfer_func(s);
+    }
 }
 
 static uint32_t ide_data_readl(void *opaque, uint32_t addr)
@@@@ -3059,11 +3081,17 @@@@ static uint32_t ide_data_readl(void *opa
     buffered_pio_read(s, addr, 4);
 
     p = s->data_ptr;
+    if (p + 4 > s->data_end) {
+        return 0;
+    }
+
     ret = cpu_to_le32(*(uint32_t *)p);
     p += 4;
     s->data_ptr = p;
-    if (p >= s->data_end)
+    if (p >= s->data_end) {
+        s->status &= ~DRQ_STAT;
         s->end_transfer_func(s);
+    }
     return ret;
 }
 
@


1.1
log
@Apply patches for XSA-128 to XSA-140 from upstream

do a patch refresh in xentools42

rather than split the patches for pass-through.c over 5 files, delete
xentools42/patches/patch-CVE-2015-2756 and assemble all in
xentools42/patches/patch-qemu-xen-traditional_hw_pass-through.c
@
text
@d1 1
a1 1
$NetBSD$
@