diff options
| author |   Yixun Lan <dlan@gentoo.org> | 2014-05-17 14:17:26 +0000 |
|---|---|---|
| committer | Yixun Lan <dlan@gentoo.org> | 2014-05-17 14:17:26 +0000 |
| commit | 86d026918aea7ab46114aae2dcf2284ede918fc0 (patch) | |
| tree | 9128018f4f04cb648edcb04712328bde5e41a725 /app-emulation | |
| parent | Symlink remaining tools necessary for tests for non-native ABIs. (diff) | |
| download | historical-86d026918aea7ab46114aae2dcf2284ede918fc0.tar.gz historical-86d026918aea7ab46114aae2dcf2284ede918fc0.tar.bz2 historical-86d026918aea7ab46114aae2dcf2284ede918fc0.zip | |
tree clean old ebuilds
Package-Manager: portage-2.2.8/cvs/Linux x86_64
Manifest-Sign-Key: 0xAABEFD55
Diffstat (limited to 'app-emulation')
20 files changed, 34 insertions, 4080 deletions
diff --git a/app-emulation/xen-pvgrub/ChangeLog b/app-emulation/xen-pvgrub/ChangeLog index 15e3b4b3cf2d..1d8b1d27799f 100644 --- a/app-emulation/xen-pvgrub/ChangeLog +++ b/app-emulation/xen-pvgrub/ChangeLog @@ -1,6 +1,25 @@ # ChangeLog for app-emulation/xen-pvgrub # Copyright 1999-2014 Gentoo Foundation; Distributed under the GPL v2 -# $Header: /var/cvsroot/gentoo-x86/app-emulation/xen-pvgrub/ChangeLog,v 1.53 2014/05/17 13:34:09 ago Exp $ +# $Header: /var/cvsroot/gentoo-x86/app-emulation/xen-pvgrub/ChangeLog,v 1.54 2014/05/17 14:17:16 dlan Exp $ + + 17 May 2014; Yixun Lan <dlan@gentoo.org> -xen-pvgrub-4.2.2-r1.ebuild, + -xen-pvgrub-4.2.3.ebuild, -xen-pvgrub-4.3.1.ebuild, + -files/xen-4-CVE-2012-6075-XSA-41.patch, + -files/xen-4.2-CVE-2013-12to13-XSA-55.patch, + -files/xen-4.2-CVE-2013-18to19-XSA-55.patch, + -files/xen-4-CVE-2013-1922-XSA-48.patch, + -files/xen-4.2-CVE-2013-14-XSA-55.patch, + -files/xen-4.2-CVE-2013-2-XSA-55.patch, + -files/xen-4-CVE-2013-1952-XSA-49.patch, + -files/xen-4.2-CVE-2013-1-XSA-55.patch, + -files/xen-4.2-CVE-2013-16-XSA-55.patch, + -files/xen-4.2-CVE-2013-17-XSA-55.patch, + -files/xen-4.2-CVE-2013-20to23-XSA-55.patch, + -files/xen-4.2-CVE-2013-3-XSA-55.patch, + -files/xen-4.2-CVE-2013-4-XSA-55.patch, + -files/xen-4.2-CVE-2013-5to7-XSA-55.patch, + -files/xen-4.2-CVE-2013-9to10-XSA-55.patch: + tree clean old ebuilds 17 May 2014; Agostino Sarubbo <ago@gentoo.org> xen-pvgrub-4.2.4.ebuild: Stable for x86, wrt bug #509054 diff --git a/app-emulation/xen-pvgrub/Manifest b/app-emulation/xen-pvgrub/Manifest index 2cd5e19de64d..2aee6a9b0325 100644 --- a/app-emulation/xen-pvgrub/Manifest +++ b/app-emulation/xen-pvgrub/Manifest @@ -2,22 +2,7 @@ Hash: SHA256 AUX newlib-implicits.patch 5307 SHA256 34e85aa0380d10271748cdc6cb0ff3f502fe5c3113724ba8a2c2f69668970c46 SHA512 582cfa36dbb44e8abc83120d44af78a7a7cd3f7a009c65858f3d68276bf5f772b18c4692b7e68202f9ec246e29c785fa111b19bcaefc2f04f429f1b69e77d48f WHIRLPOOL 0d36e2f4ac6476522a05842ab1194e6c58d4fa6a03ae53b14b839aa4057ce55fdd6ec5fa47d28ddcaea22fed153ca60f50413cc77f9a4ded2397168395bf336b -AUX xen-4-CVE-2012-6075-XSA-41.patch 1393 SHA256 6aa21c02e94cb9b4f612c7a9d1a8f980967692b1f20346da9670abb1d7ec688c SHA512 547f63e7eaf0a6db1a9de267cc6f9aa0f28e2221f2c69ca463ada85edbc07ac84c276dcd3ee017ab8846d4e4129e182fb76be35b91ae9a0e0afecdc091e0c305 WHIRLPOOL 848359780edc15895a09bf76afeaa503f907ac98a856b52d64ef4dcb137e2319222a47cd7a2866e6f25731498f487cfca2a462fb6dfcda8404026d8acfff5bcc -AUX xen-4-CVE-2013-1922-XSA-48.patch 3846 SHA256 dc23077028584e71a08dd0dc9e81552c76744a5ce9d39df5958a95ae9cf3107b SHA512 31dd8c62d41cc0a01a79d9b24a5b793f5e2058230808d9c5364c6ff3477ab02f3258f1bbd761d97dc1b97ee120b41524b999eaac77f33b606496fc324b5fa2e4 WHIRLPOOL 6913705b070daeac8925a44585f94f78ec43cf1d7a8feeba6839499b0340a727f3c39848627bcd58217b589a932fbfce13628bdca2b815e2ddf58b9c69c11721 -AUX xen-4-CVE-2013-1952-XSA-49.patch 1877 SHA256 37055cbc74111cbc507af3f09d6ac2e472f24efd54cd3e08583dc635e66a539f SHA512 1e3ef057744076b9fca22c1982f33d38be06ab8e5d57e40e3160fc2850b69711a1765e4a2b037f7bc1fdb8a9f93f1649d86ea3da972ec4af147b7b80191069f8 WHIRLPOOL 43e78ad3ba597e7084b6194507839b8cc4c21f45c8fd70f00cb061a4ad22ec9ec690bf35ffffc7e02c616de5f35b329c6c4e3a9cf5ddaf23cdf0525681f70639 AUX xen-4-fix_dotconfig-gcc.patch 9551 SHA256 93c8726fc3e0bd3f54d4162a3fdace45e3c3ea24fecf5f54270c6dc55c3924ab SHA512 64bfc2dd60bf5a7db593250f9da62cdea4daa458aa8c474ec47b065f6e19509555f48d49ec8624c484d873fe947b6f9cab98cdcd2c24ca8795eb1b64b378a004 WHIRLPOOL 341506ced55ae2ad30af1696434df25ba77c665042aa82dda35d0722f0cccbe567c8cebf51c2e20e0df3084f74f7eb7a69808dea2801f911b2d3c46a293b6ba2 -AUX xen-4.2-CVE-2013-1-XSA-55.patch 12309 SHA256 03589da73c958503cc9d3a7403b07ee165cda2a61b696a12e432f071d33c8b8d SHA512 1f1e11233ae2503061f66e23bb8e438ceeb55504f9ce140a4093d7b826e42956baa477e2a02bb660e33874ea6fc671dce89094c6c8959aedf9137ff8e2efc9bd WHIRLPOOL 48fd1c4702ce347bbbc2b5a9cfc1d8198a995cc95182005625df71b4cab1b1dacc38a07d5751d17b411e76acba49ff5669c1fe9afbe208634c25a90a8eae4649 -AUX xen-4.2-CVE-2013-12to13-XSA-55.patch 12653 SHA256 0f150534386d4a54e9b8110988f2511b7f045b526e39985dc5dc904b0814b6c6 SHA512 d1c4ef396d90079c2bb4e12e2bfca1be55a12fe9d1f6388d159a996b2cd10d965c96fb84906f87e31fec6831cfd1ce38cb8964fe9b9bde3c19d37e5b88723551 WHIRLPOOL 884215d7cfd8ed1a4254d3dc41725782966f6a32929a5d74610fe350421a07b8e9d34d4b049e8f472d5d5052de8682a8837368be5007bc09e248790576cf4a3e -AUX xen-4.2-CVE-2013-14-XSA-55.patch 10103 SHA256 d9df769e1b6847a84cd85e3909acee85ce71fd3bc84945890d586388bc69cb11 SHA512 fcd09ca508e78a97169daf38ee455df6646c954bce7042259c7528b3cd2e6d24416d293b7c3b7fd4707caa29ee8d3916f07af5295341a043b350293a3dfe826f WHIRLPOOL 7d7599ca36bba2cbc9ea899dab98a231d4bdb60363aa5f5da36c00269bdb67f091e84c823c2c80cef985bfebbc8c1a3a207148c2b296084cf30d5252dee68eaf -AUX xen-4.2-CVE-2013-16-XSA-55.patch 17193 SHA256 345068acdcf4f974d78d2f579c90c6d74ac3b6ed190eae0f182e5f12ac2c48fb SHA512 f650fb7c2a874c6f748a99d228d12931cbd77b45691dbc419d1f319c37534f58bf17aa4d47792931d368b8536e98790cb54fbafe356089964fa22c6366882ad4 WHIRLPOOL 5087bb9940b70a2d8283cbad2f782bf0e0c596f6a6b2a4173a9b2410bf512d063d8f3c2639c402ae61a411006167ecbc293303d00dcb68f5fe61d584b78ff0e7 -AUX xen-4.2-CVE-2013-17-XSA-55.patch 18342 SHA256 46665bce2e48a945ac25960f5f9459e9b9b5ffdc6284c0e8622d3fa01636c3a0 SHA512 f8923756911b18996be1a4ce9d8536291b3c7fd97362b840f784854fbe68753a9044da7e1db499f2b7cb85d0bd5e067a2e3ad763b2dad1b5c3dd8d94bd0f9c87 WHIRLPOOL 94001c689fac74225abad6162b3b16f7107e1de33e46090cb17ca5e8a61472236f9cf058737802d21d4fe42546c6c5d72b3cbf3961126abfb51aeff568c2b57d -AUX xen-4.2-CVE-2013-18to19-XSA-55.patch 17592 SHA256 13686af23eba9aa4b60416376b34092c5d69bb2c9e0100063c828398fe144758 SHA512 dcf867589d1b427c97f4367155f61cb30c8cc449bb04ae216b0a432b794ad0f9743f35a96f3c3c4be69710031097261b5fb26110de0c285f4e089592cade3403 WHIRLPOOL c6cad0db64d51dfd1e700272731984a2ba06c5defe9b0df482c5d0858d0e5e8db87295b02742f6b9dffa29c573b59d34120806702b84f045ca92c1d9b6618c66 -AUX xen-4.2-CVE-2013-2-XSA-55.patch 2074 SHA256 b7673609a18525f238d411f9b150c90ecf48248542cc95ca969c9a85995768f8 SHA512 d19d0135057a313f458feeb5ce149b31133e5c43dc133e24d2058ade5838e33637bd07cfa82e9fecd98a28dbf85a598c1a70f20c7998d7fae3d5509026e1f6e2 WHIRLPOOL 3eb934e836f84d49bce89b3b79fe19a70734b8590857c1c74954f0c619834546222229912aa9143d9e10c9e912575d3440e53dd8ce19493915e7e347a5c87adc -AUX xen-4.2-CVE-2013-20to23-XSA-55.patch 12908 SHA256 7422a1ae6d9aea2c0f7df0c459ac48f2a0ea5e1b4daaad0fd74a575ee0a5d73c SHA512 d03a0617d9e74e29b9dacc1a86268f164bb14b490c599166bc37b4524240a0d61d9e312cbe50a9eac1c6d98f050638bfb684cb13df1158478f09100948e5f9aa WHIRLPOOL 3142b686bf1279fb17c3a58c43f5b5a11814fbd3d455d7ebee0fe8f949668eed1bcd88ec5e6cbc71963ce99c830af4e21898cf2d4b7252c64d57b89e8ccc2bf4 -AUX xen-4.2-CVE-2013-3-XSA-55.patch 6149 SHA256 f5b809eceb7d342bac01f6a204eca7c89e1c62287040d2588b093b9cd0b5be22 SHA512 6f1ae849160076202d7dfacf2b8b880effeec19112ef18bb40ceaeac6649f9cd235e26eaaf78ffc83907f5098926818633b1344a3626454ad95dd97a1894ccf4 WHIRLPOOL 88f142e62caddffc611917e79dbbbda9870a779514fbee86c42888d53a2e94ad23fb25c626630410ef9cbb704fd5a3358d1a9bc98e2f9ef82298c2b00ba2bf95 -AUX xen-4.2-CVE-2013-4-XSA-55.patch 2139 SHA256 51b5f8a996f0d84c715235b1497e0816a6b31fbeea593b7c14925d11856e48b1 SHA512 41034da15f7ffdb6efee41dcc763276b1fcdf160edda88a15b0e0c39bc175a592825e9faa78b209a54f01dcb0e5198b6b40a924f49aed1334fdca54739f35e56 WHIRLPOOL 4da524a196fc713f75f57aacc178ad1b0e2e5ab6b00b941620f682a8894fca79a212155bc3e8200b870d3df959ef68f18cdd116ce64f1d3c93007159bdac4201 -AUX xen-4.2-CVE-2013-5to7-XSA-55.patch 6392 SHA256 2861fc68d7b9c49784deb43eeb7196e53316f5439d129d686b7b2157543f9c0a SHA512 1f69e1d9c56244bb8a97b0f9a426007e5779a7e88f2add879a289eda923723e3b4bddcc034797a4e79646780bca1b445fbbc857c9155e72d2177739525d5d88b WHIRLPOOL 4bd68553974eab849315ffff90ef7e0d7811923763ab3c0f111d60f15d574e65652aa5c60708bf60410f5caa0914a2d43dfb4242d7451fb76576a4d2b79fe1a8 -AUX xen-4.2-CVE-2013-9to10-XSA-55.patch 11035 SHA256 c73c57ff530c15efa62ee4853d8213f0bac9c31280485f7b54e8b96721fadd92 SHA512 2991e7bf598ac2af57a96204a8babb4c15e5eb7c35c2477e4171b6c600ddc98906fe6dcda02fd5c155d196135b6c28631422bde5302db173ebdfc821089b8de1 WHIRLPOOL dbe8fa7421a68c13159b18b3bf898088c02d9b49d587a2f70a733d6a509fea13246b28b73136510b019d2b28fb23c45fb59e8711d189c0538a758639aaa62dd3 AUX xen-4.2.1-externals.patch 3188 SHA256 08178c57f3de4dc5227a3a8dc3a7f6c951ddb7224cf1566066f0ca39a3f772bf SHA512 50455f5544f381fe75a3c00b8920fc30ed5f5738343a89dbb9af3883745b6dbd792f458fe073ee8a6bc41bde061aeab64fde28c2ac008fe8a7bb8a9e1c2ca823 WHIRLPOOL 9be67a23c4594737c2c531b068cebd1d456855417c762db9392c81bce2c7ecd5c94a06dafe872e1e7ee2f8ef2a72a55f12e5b2fc6cb3b59d01d20779521b2694 AUX xen-4.3-externals.patch 2806 SHA256 f4693d85070c0983b440eaa061b4a769119e12fc0304561a9cc302d04d0dfd3d SHA512 07e9270ef404dfb765be284887e6d24202ac1783d08e7d30a768d461d6565fac4a4e9625b245610353bf2b76baf54c736170bfc84ed507491f7876e0d7a11c7d WHIRLPOOL 9240067e706ec4a2d33c8a6e1556f8df137984b7015e4347e52b35e2f562284669634137357e7651d7f747638592cf429ef3e60792489e0c287b6387690fd9ad AUX xen-4.3-fix_dotconfig-gcc.patch 8854 SHA256 4e0d22acdb4ecc4a1d418ec91bc6ddb9ef1c283ee3ca1f67bac85d3116d76ccc SHA512 b4c969b0cf166862ea5c5cb0912d7dae8c5bf7befd6dd6bdf4e56df8a4daf85c0a36c94247053f74edc0f24b1c15a18e7ddae9d24ad28d54b726a1fbbab442be WHIRLPOOL de7b614ae486fd2cc591b405b475745b003c638c9be4c8153b61a368802af36d2a2974d1e022eb14fb58ad9260f9f82c438c84cb65c3499076c579f7e1c3e6ad @@ -26,42 +11,34 @@ AUX xen-pvgrub-4-qa.patch 985 SHA256 4a3c785ea1246d288c6cfdcc09b090d34a92185f716 AUX xen-pvgrub-4.2-jserver.patch 1487 SHA256 3bbf6d06ad1960e30dc84a3e3b179d5d23331ecf60d347871b7008c58456a6ed SHA512 f92bced9f3e7fec84b1bfce6ce3366f134cec2b892ffc3afcdd3fd3f73daf158c17c312260fae39bc9e04c1dab1045d17f0da706dd0dba0279e66dea454aed8d WHIRLPOOL 10828eb65effad714a61a18bcd6c33c2b7fb7fd0007b1a68aed7a653cd7e67acc04cc5eb9574d7d50c92fc7ca8223dff0c73f1cfde994e4ee1d787f536588b99 AUX xen-pvgrub-4.2.3-qa.patch 989 SHA256 bdd692759076df78b2ed777cf1d022002237f4d19a019691863eaa7eeaae0c53 SHA512 337cafc9fbb04c676dacf8212e2a63f580c466e3e71f6953d82d841f01d39d665b390540ac9a2924d5eb9e9bcb31fcbecba255f2241ae4ad0784940c339cc4f1 WHIRLPOOL 775e612612b087f4c3cab9f638b6a5f75648e9fe3568e09544fdb5c39ce46fc86f68ce60e64fa4278559ce56ce4b3dda52f55a19e16252e15cc437b033d81da1 AUX xen-pvgrub-4.3.1-qa.patch 945 SHA256 6ae5acc45d4c0c9fd1ca5f5013ada76e3aef89c1688b5cf62d0a80c7a240a83c SHA512 bcee20c172c585d92b2557fbec81214c08addfa1f81ea85b4f1646a8ef94ad549e7aeef868a2b2aeb028c92d9d85f943c0c1b532eeed030734da58a6385569bb WHIRLPOOL 1b693f717673125cd9052c45721b147505179ef20d623c6644e95a78a3bc3233366f9b275f475ac5c53fd1af7a0a5f239f383ec838293f3acf8d86e51032309e -DIST XSA-55patches.tar.gz 23888 SHA256 e86749d02ca5594ebcfdaea820a6cf1fe11015c7fdcc5836260498fae317d75b SHA512 ed1f321a1351df99cfb05e1dfc62dda1268544b0c0ceb7a01438805046e027fb9d59194d179b7a8c302b091a7bf444811b0b9359c4d42f7e902510515c275b6b WHIRLPOOL 5a611e5260f0fc97471f386da3499f7714e015c5c2556bd7199466558d8e375784d32655bdbe9ed4cbf492fa3b41091677d9fe6d3714b029c9a2b1dda6102edb DIST grub-0.97.tar.gz 971783 SHA256 4e1d15d12dbd3e9208111d6b806ad5a9857ca8850c47877d36575b904559260b SHA512 c2bc9ffc8583aeae71cee9ddcc4418969768d4e3764d47307da54f93981c0109fb07d84b061b3a3628bd00ba4d14a54742bc04848110eb3ae8ca25dbfbaabadb WHIRLPOOL 0ad7f5dc035e2a3ad5fd29b6388f06fd12a8cc694117b4cbd42b5302433aa522db23566222d35219fe17fb95edb5090553156198507f70208eda5d858fd52dd5 DIST lwip-1.3.0.tar.gz 398933 SHA256 772e4d550e07826665ed0528c071dd5404ef7dbe1825a38c8adbc2a00bca948f SHA512 1465b58279af1647f909450e394fe002ca165f0ff4a0254bfa9fe0e64316f50facdde2729d79a4e632565b4500cf4d6c74192ac0dd3bc9fe09129bbd67ba089d WHIRLPOOL 63bdd9eb70f168ba2006a8f4bbe166b68528abe8364b23cdc1d468ccc4b137bb3447bf90695920f016e09d53d3b93ccf6e3697b3c46840f00b794789cb424acc DIST newlib-1.16.0.tar.gz 12024353 SHA256 db426394965c48c1d29023e1cc6d965ea6b9a9035d8a849be2750ca4659a3d07 SHA512 40eb96bbc6736a16b6399e0cdb73e853d0d90b685c967e77899183446664d64570277a633fdafdefc351b46ce210a99115769a1d9f47ac749d7e82837d4d1ac3 WHIRLPOOL 47f7afd525f482d79d9e964f0e75ee8a77e59551bd19cd94f9b95ac3af9406afa381c9d8d224f76eb568441ab613b2b194f8e5be50aa222f9ed2d9b9761829db DIST pciutils-2.2.9.tar.bz2 212265 SHA256 f60ae61cfbd5da1d849d0beaa21f593c38dac9359f0b3ddc612f447408265b24 SHA512 2b3d98d027e46d8c08037366dde6f0781ca03c610ef2b380984639e4ef39899ed8d8b8e4cd9c9dc54df101279b95879bd66bfd4d04ad07fef41e847ea7ae32b5 WHIRLPOOL ce801947fcf7ba0b56710029f25e746d3e03a80699af9d3570efcd417b12b546264f286b2e78b1402cca766c08e35bdd0ff0a692ab4ad419295f00bcfe91130e DIST polarssl-1.1.4-gpl.tgz 611340 SHA256 2d29fd04a0d0ba29dae6bd29fb418944c08d3916665dcca74afb297ef37584b6 SHA512 88da614e4d3f4409c4fd3bb3e44c7587ba051e3fed4e33d526069a67e8180212e1ea22da984656f50e290049f60ddca65383e5983c0f8884f648d71f698303ad WHIRLPOOL 39448c00dda142a836a78381b446c7b586272a44d8afc867a7ea702228f105bb2adffe757bd6c23af090cff64ef32e7af0c373dccc5145ff4c11552cf3f28383 -DIST xen-4.2.2.tar.gz 15602746 SHA256 c9bfe91a5e72f8545acebad9889d64368020359bfe18044c0e683133e55ae005 SHA512 4943b18016ed8c2b194a3b55e6655b3b734b39ffb8cb7ee0a0580f2f4460a1d0e92e1de8ac23f5186272914fad1650586af51fd7c3644d0310eb16f2e11c5e80 WHIRLPOOL 519eb87cb2da694696cbc3e72070a0a3bdb07c46fa266d855d8379eec3a92adfa4d434af3ac01c37834ce4a9174081a6c40030b185a70902329b185cb8d0bbea -DIST xen-4.2.3-upstream-patches-0.tar.xz 84436 SHA256 7c2477b9b29c9d84bb26ed60bfc2700f2a614ed8040b93906e801831f3498b41 SHA512 a4e8b53a0efb9d64d4dc65ee3107422c8007537e03f9c8e6f1b2c838cf62e6819d447c1ed44aacb5c4e9979f0dad7ed313d2db61df6e6ad2d7708a81964a7e12 WHIRLPOOL cc3c2224bba3b2e5f057ec95f9e85e58b17bc0dce338da429c7970877967cddf69228258ff491be9c1d022169a90fcde34ef1bcb0c198c9123ca219707a5a99f -DIST xen-4.2.3.tar.gz 15613235 SHA256 69b6a73701383d609ad094a38925004e8595755fb39a6fafd579ba754e8667db SHA512 01521c8724354f92a2555683a8b103e5e16aedeb2c6166cc3ce40a0cc6cd9e07a601aa24930bb7391e00eb97f04003e6523dead09382cf86eb56f5b886509b9a WHIRLPOOL e7f7848ad632e5e77db95b2eb37c82f31a73021af4b6bb44091cc14103faa193bc2d6deb089e2a196daab5a08dbc08f135a8937a25a4ff5d31fe37c789bae1e9 DIST xen-4.2.4.tar.gz 15663999 SHA256 e23e6292affd7a6d82da99527e8bf3964e57eb7322144c67c2025692b1a21550 SHA512 3e5263511e7c40899f580f3384bd987f9c875b8e6816202fd1a5a64fe7e336803d09e58148af074938ef261f0ceeafad121ac541ddd2bf66b76c5aa4ad07c357 WHIRLPOOL 25d23f5d921139ba0f853fcd76ae998647d32292bccfd4e7c4f3b12f860a38fbb33ebda67c839657bf3a25d837c9c02b80d663362263d16d42284ffde09f0bc2 -DIST xen-4.3.1.tar.gz 16429423 SHA256 3b5b7cc508b1739753585b5c25635471cdcef680e8770a78bf6ef9333d26a9fd SHA512 f5250ad5ad3defc5dc1207eb6208a3928128ef57ac4162018bd92b750dc1df1eaaf37835528aca33a0f9e04c82d5f8c4ba79c03a1780d2b72cbb90cc26f77275 WHIRLPOOL 087390786cea9aee273a5d81988436303991aa5ea92faf111d3b619517368f8c8feef84f4f8c602cac723980a344eb90414887db4ca88a2ee14bc6b0253e36ca DIST xen-4.3.2.tar.gz 16472188 SHA256 17611d95f955302560ff72d97c08933b4e62bc2e8ffb71400fc54e388746ff69 SHA512 ec94d849b56ec590b89022075ce43768d8ef44b7be9580ce032509b44c085f0f66495845607a18cd3dea6b89c69bc2a18012705556f59288cd8653c3e5eca302 WHIRLPOOL 72250369fb2c90ba608e1da018cb6417b3089642c8ba59af9f2825ec5ba7c4e6c5d6f86140b20825817e4625727c6d58c5d38b00863c994e31c8a04927997bd3 DIST xen-4.4.0.tar.gz 18116578 SHA256 6910a504fe2ffe8db0e7a44756ce1c4c95e1ccbef942a1fc8da27aced5aac021 SHA512 84bc293415b8ce9686240b0145a92be190cdd7032c66b5b07906baacbfeb33ad1e6148336e951fd4506b7f4e0b250937c702226c0207d7088a50e643bedabd17 WHIRLPOOL 87886cc83bf1eaaf5dd5b67d7cc82823d98dd9b4b47c0a178ea70ee2367c1a4a142aa66df13f58603840d0e310fb5c09dc0d5b87f6361c934e1c83c95d09d406 DIST zlib-1.2.3.tar.gz 496597 SHA256 1795c7d067a43174113fdf03447532f373e1c6c57c08d61d9e4e9be5e244b05e SHA512 021b958fcd0d346c4ba761bcf0cc40f3522de6186cf5a0a6ea34a70504ce9622b1c2626fce40675bc8282cf5f5ade18473656abc38050f72f5d6480507a2106e WHIRLPOOL 8fd7010faf6a48a9c7ff4bcfe3ce4fe9061eb541259e0a2d0def214e8c4becf2b22e8d6f96f65ca827abffeaa9d96e95ed2402844f99835f7b079fc9f3e84276 -EBUILD xen-pvgrub-4.2.2-r1.ebuild 5325 SHA256 a23db43442635dc2202dcb185c1a8fcd2bbe8f224e99bd40f7f7acabf8575c5b SHA512 653ea6d984e2e7ba200c83493299dcbfb8f1028be56dd397bdbe76ff7cd0a82ea26b0addea7d67b95d89bbaae0306b80d58f2aaf03df805e0a5cf133cde3196e WHIRLPOOL ab5c1eba1b6bb58b9fe7c28ac72be0fb021032c0eab359ceac268f458ea1d24dcd813e3711c2090eef2cf1412d1425aa8993e4afa94931890d06adf2f1fe4fec -EBUILD xen-pvgrub-4.2.3.ebuild 4920 SHA256 ba5f66cbc4a73f0fee7188107df1cc08cd5c06aa53f42f8893525e7d699cc2e6 SHA512 726772875bf89cc2aaffba0bb95375663b6691d104e0a0ce2f4c408914fc0ff9c425d109535fcda663dd5bb4ee8f8ad70e94446c4bc8ef513bca8d5fce156484 WHIRLPOOL 7aeaae768dfb8d4f1be22efdf71d6b444d863c1b28f0c3ca4b5e0c5141993c84827598eea4fa135f1d44fedf91b0ce17f96e67752b126e61d4646dc6b098e127 EBUILD xen-pvgrub-4.2.4.ebuild 5014 SHA256 3ee57aa7e39d6da4832c09d7823bd30eb4c3d2275a7910a801e03b86a0c031d4 SHA512 acff809cece339cf1da412654b48bd3938d8cd589b5760de8ae571e6687ddc7e6057d297b4d42f8c23e8594cf64a5c730797b72f5512945b9f7886b09fdd4649 WHIRLPOOL 8acfe5845d9391f0af834b70c379f913d46bd0a36dfb34e0ee085bb3ad36db25a721f8fdc8ffb45e2af4b49dacde1b07dfb0d6341255b39726081c4c2bbeaf08 -EBUILD xen-pvgrub-4.3.1.ebuild 4458 SHA256 223802e59303b47dcbf895e6e29c90a8ffbb9d43711ccaf535b455807eafcafb SHA512 c6cef380fdc84fa065fb50996f52925ef70bb6fc712190f012820598dc48822fad7cc5982f4e3884ba7e1713757ec9e22b5da42947c265f0235ad594a8f6d92f WHIRLPOOL 533f6941a30b7c3457f0f942047072244150d1e319f99aa48af97d65efbd58cbdf76721313e70a6e125b66b00123aec12ebae5010b51292605af7450c4730aa8 EBUILD xen-pvgrub-4.3.2.ebuild 4471 SHA256 6918d9e078a2fc9ed38ddada3233bb89d5066686b5f7d5497b4c69b0371a89ab SHA512 64790070f02fce1174e558e71c172c64ed4e54260539e6261853eb26114d5363cb3678a0a3e56732221d568514a5bc97901a1e0bb8d00f78898a8de9a3fbc083 WHIRLPOOL 31f902b9247a4ec6d82b71b719ef7c542e553320bbabbc094a86a812cb46c97d913043560a9a750a154c49ca8a2bdad646cb0a74803242a2a366d22d7e71e4be EBUILD xen-pvgrub-4.4.0.ebuild 4409 SHA256 a6feaf7b92b3f77ebc5e039220378dca278f212b5dee7ea5936e99ffae82a905 SHA512 558db00d7735414ed2a2f9b08beb1344c4d80b33d2beb22b357ede93efc434eca42d815daedd16b747b3e47b73dd94987762af6d443e42cbdb6268b6718994e8 WHIRLPOOL 6934b878a920c09ece55166ea78b9e0adf5a1a0bd5d654f8fc19c98ac20c24bc9e85e8e051d137290a5a066ada13c60f43e630ef204a04722cee4fb862042269 -MISC ChangeLog 11561 SHA256 011feb3e4165dbd0412bdf5901c29e6a10ea5ddc23c8b9f827990a9219ea9907 SHA512 94649663f890b26763f2804f33f14686f25cd052c885764a5f703c858da4a337767bd2806bd2ecee4c714aa810af45ca2cf03582f59371653c1ac193d677a312 WHIRLPOOL 48592b3be1892526b725fd0b1d863b81e6367f408ee6692a3a87ade4518df0aca62f1bd522efef0244bcbce9685677368e22a3321502c78808812b4d7594f718 +MISC ChangeLog 12372 SHA256 de3cbcac68a0d84afd14d7bddb6fa2eaeb0eee2dff434834892fffc1c1107ef8 SHA512 4a0af651d21878a5968da59bfd9380192e1ada407a24f9b608b68cb4b2ec3da002b63696c9a66124ebc0ec8da0d31f505f33ecdfa49b3c8e0445278efdbcccb3 WHIRLPOOL 01f838f083f7c830c891680ec26229cc29abde15bb146ccd9c46357cdeb0eb6950787d924b443c070bcc1fb341b2a966638fc3120567456daeb7df3c6a7cbd17 MISC metadata.xml 156 SHA256 4a030777459245372bda9f7925f3a5ed3ef2b29b77e1a2971f3400ac2059b1e2 SHA512 66b610ce3a3c525f52ad132e0c6cab329866069d8f40cbfc7302b12f8fc1217705ce9d5aab9c08ee3f7eb86bd880b5c3595b10c3eb67932148a109ec11b88c22 WHIRLPOOL e7f151fa553d737c02f8791448170ddd88b9330b1b01a868cd5c32a875b58b36dd1e2b041308f657d35550f22e5798cd96037c3c890c0646119046f984505c23 -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.22 (GNU/Linux) -iQIcBAEBCAAGBQJTd2VSAAoJELp701BxlEWfoKsQAJF9vlqijFEpIkYv535DDP6J -KzJQpchWJryHTXtxFm6QHNmsLm86IATGry01bzfZQAhUigspiCHM8O+JZR99qAsP -0+WZXziHCzTOsNakmgD5oIW7Qy8LCEeCBVbTHFEnvZn81Km6pPKu1r0gXgKhD+/J -YSZeViXQN4WdeQQHJD4Rua5Q1QvhHSnCYPyxVVuY8N4KMlJGf1btOBdaMWIsrWhk -LfVCkW6WwUq1chb23Pyrjkbzau4JwT7/HC6orlYHAKeHmBdf/MLJyVHEW5yIzI84 -VGcwOKSOJJJyae7tk/HlrKbLnHzg+pY6HMeAZbEsBl+Ooqvc2Oh895A+A5EDtsSD -eOQcReHBCMyJhRkqq2KYVBRW/U/PFy/um2Jfr8hRcSu1VGGIeEGdhADFNADPEGq6 -8tONBElc2Wk9JXbue0dVFv7SvE2+xw12azXJOCNcvfTbCEmCA+1eHQf3VISSdi9M -g0hNy0/3/zHwmtdn3VCurjWO4/aeSMwfX0z58dE7XXw/Rbtv908Wh0zWIw4fmkBG -+mDmIdDOyjnjJK3KosxyiD2XGcR7RbWHMJaCHpak419+bbH9vLlsvSqr7Cg5DiR1 -U6Vh/geglze3FSkAGJxbgqjBySz2I0xIWhEJtEfGnGNqZgF/zXvztXaYU8xOCkcW -AN5ysv8mBfZQ2QbxjqjV -=guga +iQIcBAEBCAAGBQJTd298AAoJEJIMDbyqvv1VydMQAKG7FIa055hkSywSzVlPs48R +rAGJhyvseF1RzhFCpY6BgO4m1CDbu8ZZEZyXmDL6sWxXpPbfyNRhxELLEA8jjjw8 +mag1ZKblALdSv2jfsNwCG2CComqsfDqAHNfFPtdBWKww986Rf7DGzMTuDH8kgktW ++hti7oUUgZwMabcvmX2dWn06G78lD3gcmUa8eDKCBxgzHkQGNrfaUOrnKlCi7mbN +pJi3HC7J8Y9OBZDSnr9MiK8fZ62wciW0cLgxJdcf1Ywkb9KoQzv1Wf99GYUj3RlC +jx6GrYikeqt/PvNzZMF3KPGxKfWjf1Z+/5SiUAsrdYXfDtPwgjlXtJ74VCmGTnqq +kJiV/Q+O1RHhAHP1BjygKg+bofo5yT4EqZAL3w9FVz3ApcYNTNeupuA5BIJ+TSJ5 +JtSjBBgA4EyqPy41NX0NcC2LMwK+gqXIzHNYgMdYFs3l8I+UA6qcAImeZQRxCJTc +cmrDn5A3OCNuuxg9/EZfHORYu7BJO2eJIJMaUKZH9NkTdLSu8IxLpQdOr0FVCuKa +UFBVyrlOhYNNejueSoiBgzQ+EM0+NrpLCaSh01M7f0bt66iTG2P6ug9XZlWdaY5e +gY/1kZly54qkqzWvDRsCmEylIX2svgAGnk0KkmrglMw5FQ2EgyFg/p6Pwp44Qwa+ +v5KnqgayLT8DQRc0t60Y +=QIQc -----END PGP SIGNATURE----- diff --git a/app-emulation/xen-pvgrub/files/xen-4-CVE-2012-6075-XSA-41.patch b/app-emulation/xen-pvgrub/files/xen-4-CVE-2012-6075-XSA-41.patch deleted file mode 100644 index 7513ac3d5cba..000000000000 --- a/app-emulation/xen-pvgrub/files/xen-4-CVE-2012-6075-XSA-41.patch +++ /dev/null @@ -1,39 +0,0 @@ -authorMichael Contreras <michael@inetric.com> - Mon, 3 Dec 2012 04:11:22 +0000 (20:11 -0800) -committerAnthony Liguori <aliguori@us.ibm.com> - Mon, 3 Dec 2012 14:14:10 +0000 (08:14 -0600) - -The e1000_receive function for the e1000 needs to discard packets longer than -1522 bytes if the SBP and LPE flags are disabled. The linux driver assumes -this behavior and allocates memory based on this assumption. - -Signed-off-by: Michael Contreras <michael@inetric.com> -Signed-off-by: Anthony Liguori <aliguori@us.ibm.com> -hw/e1000.c - ---- tools/qemu-xen/hw/e1000.c -+++ tools/qemu-xen/hw/e1000.c -@@ -59,6 +59,9 @@ static int debugflags = DBGBIT(TXERR) | DBGBIT(GENERAL); - #define PNPMMIO_SIZE 0x20000 - #define MIN_BUF_SIZE 60 /* Min. octets in an ethernet frame sans FCS */ - -+/* this is the size past which hardware will drop packets when setting LPE=0 */ -+#define MAXIMUM_ETHERNET_VLAN_SIZE 1522 -+ - /* - * HW models: - * E1000_DEV_ID_82540EM works with Windows and Linux -@@ -805,6 +808,13 @@ e1000_receive(NetClientState *nc, const uint8_t *buf, size_t size) - size = sizeof(min_buf); - } - -+ /* Discard oversized packets if !LPE and !SBP. */ -+ if (size > MAXIMUM_ETHERNET_VLAN_SIZE -+ && !(s->mac_reg[RCTL] & E1000_RCTL_LPE) -+ && !(s->mac_reg[RCTL] & E1000_RCTL_SBP)) { -+ return size; -+ } -+ - if (!receive_filter(s, buf, size)) - return size; - diff --git a/app-emulation/xen-pvgrub/files/xen-4-CVE-2013-1922-XSA-48.patch b/app-emulation/xen-pvgrub/files/xen-4-CVE-2013-1922-XSA-48.patch deleted file mode 100644 index 998dbcb1d516..000000000000 --- a/app-emulation/xen-pvgrub/files/xen-4-CVE-2013-1922-XSA-48.patch +++ /dev/null @@ -1,114 +0,0 @@ -Add -f FMT / --format FMT arg to qemu-nbd - -From: "Daniel P. Berrange" <berrange@redhat.com> - -Currently the qemu-nbd program will auto-detect the format of -any disk it is given. This behaviour is known to be insecure. -For example, if qemu-nbd initially exposes a 'raw' file to an -unprivileged app, and that app runs - - 'qemu-img create -f qcow2 -o backing_file=/etc/shadow /dev/nbd0' - -then the next time the app is started, the qemu-nbd will now -detect it as a 'qcow2' file and expose /etc/shadow to the -unprivileged app. - -The only way to avoid this is to explicitly tell qemu-nbd what -disk format to use on the command line, completely disabling -auto-detection. This patch adds a '-f' / '--format' arg for -this purpose, mirroring what is already available via qemu-img -and qemu commands. - - qemu-nbd --format raw -p 9000 evil.img - -will now always use raw, regardless of what format 'evil.img' -looks like it contains - -Signed-off-by: Daniel P. Berrange <berrange@redhat.com> -[Use errx, not err. - Paolo] -Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> -Signed-off-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com> - -[ This is a security issue, CVE-2013-1922 / XSA-48. ] - -diff --git a/qemu-nbd.c b/qemu-nbd.c -index 291cba2..8fbe2cf 100644 ---- a/tools/qemu-xen/qemu-nbd.c -+++ b/tools/qemu-xen/qemu-nbd.c -@@ -247,6 +247,7 @@ out: - int main(int argc, char **argv) - { - BlockDriverState *bs; -+ BlockDriver *drv; - off_t dev_offset = 0; - off_t offset = 0; - uint32_t nbdflags = 0; -@@ -256,7 +257,7 @@ int main(int argc, char **argv) - struct sockaddr_in addr; - socklen_t addr_len = sizeof(addr); - off_t fd_size; -- const char *sopt = "hVb:o:p:rsnP:c:dvk:e:t"; -+ const char *sopt = "hVb:o:p:rsnP:c:dvk:e:f:t"; - struct option lopt[] = { - { "help", 0, NULL, 'h' }, - { "version", 0, NULL, 'V' }, -@@ -271,6 +272,7 @@ int main(int argc, char **argv) - { "snapshot", 0, NULL, 's' }, - { "nocache", 0, NULL, 'n' }, - { "shared", 1, NULL, 'e' }, -+ { "format", 1, NULL, 'f' }, - { "persistent", 0, NULL, 't' }, - { "verbose", 0, NULL, 'v' }, - { NULL, 0, NULL, 0 } -@@ -292,6 +294,7 @@ int main(int argc, char **argv) - int max_fd; - int persistent = 0; - pthread_t client_thread; -+ const char *fmt = NULL; - - /* The client thread uses SIGTERM to interrupt the server. A signal - * handler ensures that "qemu-nbd -v -c" exits with a nice status code. -@@ -368,6 +371,9 @@ int main(int argc, char **argv) - errx(EXIT_FAILURE, "Shared device number must be greater than 0\n"); - } - break; -+ case 'f': -+ fmt = optarg; -+ break; - case 't': - persistent = 1; - break; -@@ -478,9 +484,19 @@ int main(int argc, char **argv) - bdrv_init(); - atexit(bdrv_close_all); - -+ if (fmt) { -+ drv = bdrv_find_format(fmt); -+ if (!drv) { -+ errx(EXIT_FAILURE, "Unknown file format '%s'", fmt); -+ } -+ } else { -+ drv = NULL; -+ } -+ - bs = bdrv_new("hda"); - srcpath = argv[optind]; -- if ((ret = bdrv_open(bs, srcpath, flags, NULL)) < 0) { -+ ret = bdrv_open(bs, srcpath, flags, drv); -+ if (ret < 0) { - errno = -ret; - err(EXIT_FAILURE, "Failed to bdrv_open '%s'", argv[optind]); - } -diff --git a/qemu-nbd.texi b/qemu-nbd.texi -index 44996cc..f56c68e 100644 ---- a/tools/qemu-xen/qemu-nbd.texi -+++ b/tools/qemu-xen/qemu-nbd.texi -@@ -36,6 +36,8 @@ Export Qemu disk image using NBD protocol. - disconnect the specified device - @item -e, --shared=@var{num} - device can be shared by @var{num} clients (default @samp{1}) -+@item -f, --format=@var{fmt} -+ force block driver for format @var{fmt} instead of auto-detecting - @item -t, --persistent - don't exit on the last connection - @item -v, --verbose diff --git a/app-emulation/xen-pvgrub/files/xen-4-CVE-2013-1952-XSA-49.patch b/app-emulation/xen-pvgrub/files/xen-4-CVE-2013-1952-XSA-49.patch deleted file mode 100644 index 4b92c7f98d35..000000000000 --- a/app-emulation/xen-pvgrub/files/xen-4-CVE-2013-1952-XSA-49.patch +++ /dev/null @@ -1,50 +0,0 @@ -VT-d: don't permit SVT_NO_VERIFY entries for known device types - -Only in cases where we don't know what to do we should leave the IRTE -blank (suppressing all validation), but we should always log a warning -in those cases (as being insecure). - -This is CVE-2013-1952 / XSA-49. - -Signed-off-by: Jan Beulich <jbeulich@suse.com> -Acked-by: "Zhang, Xiantao" <xiantao.zhang@intel.com> - ---- a/xen/drivers/passthrough/vtd/intremap.c -+++ b/xen/drivers/passthrough/vtd/intremap.c -@@ -440,16 +440,15 @@ static void set_msi_source_id(struct pci - type = pdev_type(seg, bus, devfn); - switch ( type ) - { -+ case DEV_TYPE_PCIe_ENDPOINT: - case DEV_TYPE_PCIe_BRIDGE: - case DEV_TYPE_PCIe2PCI_BRIDGE: -- case DEV_TYPE_LEGACY_PCI_BRIDGE: -- break; -- -- case DEV_TYPE_PCIe_ENDPOINT: - set_ire_sid(ire, SVT_VERIFY_SID_SQ, SQ_ALL_16, PCI_BDF2(bus, devfn)); - break; - - case DEV_TYPE_PCI: -+ case DEV_TYPE_LEGACY_PCI_BRIDGE: -+ /* case DEV_TYPE_PCI2PCIe_BRIDGE: */ - ret = find_upstream_bridge(seg, &bus, &devfn, &secbus); - if ( ret == 0 ) /* integrated PCI device */ - { -@@ -461,10 +460,15 @@ static void set_msi_source_id(struct pci - if ( pdev_type(seg, bus, devfn) == DEV_TYPE_PCIe2PCI_BRIDGE ) - set_ire_sid(ire, SVT_VERIFY_BUS, SQ_ALL_16, - (bus << 8) | pdev->bus); -- else if ( pdev_type(seg, bus, devfn) == DEV_TYPE_LEGACY_PCI_BRIDGE ) -+ else - set_ire_sid(ire, SVT_VERIFY_SID_SQ, SQ_ALL_16, - PCI_BDF2(bus, devfn)); - } -+ else -+ dprintk(XENLOG_WARNING VTDPREFIX, -+ "d%d: no upstream bridge for %04x:%02x:%02x.%u\n", -+ pdev->domain->domain_id, -+ seg, bus, PCI_SLOT(devfn), PCI_FUNC(devfn)); - break; - - default: diff --git a/app-emulation/xen-pvgrub/files/xen-4.2-CVE-2013-1-XSA-55.patch b/app-emulation/xen-pvgrub/files/xen-4.2-CVE-2013-1-XSA-55.patch deleted file mode 100644 index d40959ca8ca8..000000000000 --- a/app-emulation/xen-pvgrub/files/xen-4.2-CVE-2013-1-XSA-55.patch +++ /dev/null @@ -1,417 +0,0 @@ -From 9737484becab4a25159f1e985700eaee89690d34 Mon Sep 17 00:00:00 2001 -From: Ian Jackson <ian.jackson@eu.citrix.com> -Date: Fri, 14 Jun 2013 16:43:15 +0100 -Subject: [PATCH 01/23] libelf: abolish libelf-relocate.c - -This file is not actually used. It's not built in Xen's instance of -libelf; in libxc's it's built but nothing in it is called. Do not -compile it in libxc, and delete it. - -This reduces the amount of work we need to do in forthcoming patches -to libelf (particularly since as libelf-relocate.c is not used it is -probably full of bugs). - -This is part of the fix to a security issue, XSA-55. - -Signed-off-by: Ian Jackson <ian.jackson@eu.citrix.com> -Acked-by: Ian Campbell <ian.campbell@citrix.com> ---- - tools/libxc/Makefile | 2 +- - xen/common/libelf/libelf-relocate.c | 372 ----------------------------------- - 2 files changed, 1 insertions(+), 373 deletions(-) - delete mode 100644 xen/common/libelf/libelf-relocate.c - -diff --git a/tools/libxc/Makefile b/tools/libxc/Makefile -index ca38cbd..d8c6a60 100644 ---- a/tools/libxc/Makefile -+++ b/tools/libxc/Makefile -@@ -53,7 +53,7 @@ vpath %.c ../../xen/common/libelf - CFLAGS += -I../../xen/common/libelf - - GUEST_SRCS-y += libelf-tools.c libelf-loader.c --GUEST_SRCS-y += libelf-dominfo.c libelf-relocate.c -+GUEST_SRCS-y += libelf-dominfo.c - - # new domain builder - GUEST_SRCS-y += xc_dom_core.c xc_dom_boot.c -diff --git a/xen/common/libelf/libelf-relocate.c b/xen/common/libelf/libelf-relocate.c -#deleted file mode 100644 -index 7ef4b01..0000000 ---- a/xen/common/libelf/libelf-relocate.c -+++ /dev/null -@@ -1,372 +0,0 @@ --/* -- * ELF relocation code (not used by xen kernel right now). -- * -- * This library is free software; you can redistribute it and/or -- * modify it under the terms of the GNU Lesser General Public -- * License as published by the Free Software Foundation; -- * version 2.1 of the License. -- * -- * This library is distributed in the hope that it will be useful, -- * but WITHOUT ANY WARRANTY; without even the implied warranty of -- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU -- * Lesser General Public License for more details. -- * -- * You should have received a copy of the GNU Lesser General Public -- * License along with this library; if not, write to the Free Software -- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA -- */ -- --#include "libelf-private.h" -- --/* ------------------------------------------------------------------------ */ -- --static const char *rel_names_i386[] = { -- "R_386_NONE", -- "R_386_32", -- "R_386_PC32", -- "R_386_GOT32", -- "R_386_PLT32", -- "R_386_COPY", -- "R_386_GLOB_DAT", -- "R_386_JMP_SLOT", -- "R_386_RELATIVE", -- "R_386_GOTOFF", -- "R_386_GOTPC", -- "R_386_32PLT", -- "R_386_TLS_TPOFF", -- "R_386_TLS_IE", -- "R_386_TLS_GOTIE", -- "R_386_TLS_LE", -- "R_386_TLS_GD", -- "R_386_TLS_LDM", -- "R_386_16", -- "R_386_PC16", -- "R_386_8", -- "R_386_PC8", -- "R_386_TLS_GD_32", -- "R_386_TLS_GD_PUSH", -- "R_386_TLS_GD_CALL", -- "R_386_TLS_GD_POP", -- "R_386_TLS_LDM_32", -- "R_386_TLS_LDM_PUSH", -- "R_386_TLS_LDM_CALL", -- "R_386_TLS_LDM_POP", -- "R_386_TLS_LDO_32", -- "R_386_TLS_IE_32", -- "R_386_TLS_LE_32", -- "R_386_TLS_DTPMOD32", -- "R_386_TLS_DTPOFF32", -- "R_386_TLS_TPOFF32", --}; -- --static int elf_reloc_i386(struct elf_binary *elf, int type, -- uint64_t addr, uint64_t value) --{ -- void *ptr = elf_get_ptr(elf, addr); -- uint32_t *u32; -- -- switch ( type ) -- { -- case 1 /* R_386_32 */ : -- u32 = ptr; -- *u32 += elf->reloc_offset; -- break; -- case 2 /* R_386_PC32 */ : -- /* nothing */ -- break; -- default: -- return -1; -- } -- return 0; --} -- --/* ------------------------------------------------------------------------ */ -- --static const char *rel_names_x86_64[] = { -- "R_X86_64_NONE", -- "R_X86_64_64", -- "R_X86_64_PC32", -- "R_X86_64_GOT32", -- "R_X86_64_PLT32", -- "R_X86_64_COPY", -- "R_X86_64_GLOB_DAT", -- "R_X86_64_JUMP_SLOT", -- "R_X86_64_RELATIVE", -- "R_X86_64_GOTPCREL", -- "R_X86_64_32", -- "R_X86_64_32S", -- "R_X86_64_16", -- "R_X86_64_PC16", -- "R_X86_64_8", -- "R_X86_64_PC8", -- "R_X86_64_DTPMOD64", -- "R_X86_64_DTPOFF64", -- "R_X86_64_TPOFF64", -- "R_X86_64_TLSGD", -- "R_X86_64_TLSLD", -- "R_X86_64_DTPOFF32", -- "R_X86_64_GOTTPOFF", -- "R_X86_64_TPOFF32", --}; -- --static int elf_reloc_x86_64(struct elf_binary *elf, int type, -- uint64_t addr, uint64_t value) --{ -- void *ptr = elf_get_ptr(elf, addr); -- uint64_t *u64; -- uint32_t *u32; -- int32_t *s32; -- -- switch ( type ) -- { -- case 1 /* R_X86_64_64 */ : -- u64 = ptr; -- value += elf->reloc_offset; -- *u64 = value; -- break; -- case 2 /* R_X86_64_PC32 */ : -- u32 = ptr; -- *u32 = value - addr; -- if ( *u32 != (uint32_t)(value - addr) ) -- { -- elf_err(elf, "R_X86_64_PC32 overflow: 0x%" PRIx32 -- " != 0x%" PRIx32 "\n", -- *u32, (uint32_t) (value - addr)); -- return -1; -- } -- break; -- case 10 /* R_X86_64_32 */ : -- u32 = ptr; -- value += elf->reloc_offset; -- *u32 = value; -- if ( *u32 != value ) -- { -- elf_err(elf, "R_X86_64_32 overflow: 0x%" PRIx32 -- " != 0x%" PRIx64 "\n", -- *u32, value); -- return -1; -- } -- break; -- case 11 /* R_X86_64_32S */ : -- s32 = ptr; -- value += elf->reloc_offset; -- *s32 = value; -- if ( *s32 != (int64_t) value ) -- { -- elf_err(elf, "R_X86_64_32S overflow: 0x%" PRIx32 -- " != 0x%" PRIx64 "\n", -- *s32, (int64_t) value); -- return -1; -- } -- break; -- default: -- return -1; -- } -- return 0; --} -- --/* ------------------------------------------------------------------------ */ -- --static struct relocs { -- const char **names; -- int count; -- int (*func) (struct elf_binary * elf, int type, uint64_t addr, -- uint64_t value); --} relocs[] = --/* *INDENT-OFF* */ --{ -- [EM_386] = { -- .names = rel_names_i386, -- .count = sizeof(rel_names_i386) / sizeof(rel_names_i386[0]), -- .func = elf_reloc_i386, -- }, -- [EM_X86_64] = { -- .names = rel_names_x86_64, -- .count = sizeof(rel_names_x86_64) / sizeof(rel_names_x86_64[0]), -- .func = elf_reloc_x86_64, -- } --}; --/* *INDENT-ON* */ -- --/* ------------------------------------------------------------------------ */ -- --static const char *rela_name(int machine, int type) --{ -- if ( machine > sizeof(relocs) / sizeof(relocs[0]) ) -- return "unknown mach"; -- if ( !relocs[machine].names ) -- return "unknown mach"; -- if ( type > relocs[machine].count ) -- return "unknown rela"; -- return relocs[machine].names[type]; --} -- --static int elf_reloc_section(struct elf_binary *elf, -- const elf_shdr * rels, -- const elf_shdr * sect, const elf_shdr * syms) --{ -- const void *ptr, *end; -- const elf_shdr *shdr; -- const elf_rela *rela; -- const elf_rel *rel; -- const elf_sym *sym; -- uint64_t s_type; -- uint64_t r_offset; -- uint64_t r_info; -- uint64_t r_addend; -- int r_type, r_sym; -- size_t rsize; -- uint64_t shndx, sbase, addr, value; -- const char *sname; -- int machine; -- -- machine = elf_uval(elf, elf->ehdr, e_machine); -- if ( (machine >= (sizeof(relocs) / sizeof(relocs[0]))) || -- (relocs[machine].func == NULL) ) -- { -- elf_err(elf, "%s: can't handle machine %d\n", -- __FUNCTION__, machine); -- return -1; -- } -- if ( elf_swap(elf) ) -- { -- elf_err(elf, "%s: non-native byte order, relocation not supported\n", -- __FUNCTION__); -- return -1; -- } -- -- s_type = elf_uval(elf, rels, sh_type); -- rsize = (SHT_REL == s_type) ? elf_size(elf, rel) : elf_size(elf, rela); -- ptr = elf_section_start(elf, rels); -- end = elf_section_end(elf, rels); -- -- for ( ; ptr < end; ptr += rsize ) -- { -- switch ( s_type ) -- { -- case SHT_REL: -- rel = ptr; -- r_offset = elf_uval(elf, rel, r_offset); -- r_info = elf_uval(elf, rel, r_info); -- r_addend = 0; -- break; -- case SHT_RELA: -- rela = ptr; -- r_offset = elf_uval(elf, rela, r_offset); -- r_info = elf_uval(elf, rela, r_info); -- r_addend = elf_uval(elf, rela, r_addend); -- break; -- default: -- /* can't happen */ -- return -1; -- } -- if ( elf_64bit(elf) ) -- { -- r_type = ELF64_R_TYPE(r_info); -- r_sym = ELF64_R_SYM(r_info); -- } -- else -- { -- r_type = ELF32_R_TYPE(r_info); -- r_sym = ELF32_R_SYM(r_info); -- } -- -- sym = elf_sym_by_index(elf, r_sym); -- shndx = elf_uval(elf, sym, st_shndx); -- switch ( shndx ) -- { -- case SHN_UNDEF: -- sname = "*UNDEF*"; -- sbase = 0; -- break; -- case SHN_COMMON: -- elf_err(elf, "%s: invalid section: %" PRId64 "\n", -- __FUNCTION__, shndx); -- return -1; -- case SHN_ABS: -- sname = "*ABS*"; -- sbase = 0; -- break; -- default: -- shdr = elf_shdr_by_index(elf, shndx); -- if ( shdr == NULL ) -- { -- elf_err(elf, "%s: invalid section: %" PRId64 "\n", -- __FUNCTION__, shndx); -- return -1; -- } -- sname = elf_section_name(elf, shdr); -- sbase = elf_uval(elf, shdr, sh_addr); -- } -- -- addr = r_offset; -- value = elf_uval(elf, sym, st_value); -- value += r_addend; -- -- if ( elf->log_callback && (elf->verbose > 1) ) -- { -- uint64_t st_name = elf_uval(elf, sym, st_name); -- const char *name = st_name ? elf->sym_strtab + st_name : "*NONE*"; -- -- elf_msg(elf, -- "%s: type %s [%d], off 0x%" PRIx64 ", add 0x%" PRIx64 "," -- " sym %s [0x%" PRIx64 "], sec %s [0x%" PRIx64 "]" -- " -> addr 0x%" PRIx64 " value 0x%" PRIx64 "\n", -- __FUNCTION__, rela_name(machine, r_type), r_type, r_offset, -- r_addend, name, elf_uval(elf, sym, st_value), sname, sbase, -- addr, value); -- } -- -- if ( relocs[machine].func(elf, r_type, addr, value) == -1 ) -- { -- elf_err(elf, "%s: unknown/unsupported reloc type %s [%d]\n", -- __FUNCTION__, rela_name(machine, r_type), r_type); -- return -1; -- } -- } -- return 0; --} -- --int elf_reloc(struct elf_binary *elf) --{ -- const elf_shdr *rels, *sect, *syms; -- uint64_t i, count, type; -- -- count = elf_shdr_count(elf); -- for ( i = 0; i < count; i++ ) -- { -- rels = elf_shdr_by_index(elf, i); -- type = elf_uval(elf, rels, sh_type); -- if ( (type != SHT_REL) && (type != SHT_RELA) ) -- continue; -- -- sect = elf_shdr_by_index(elf, elf_uval(elf, rels, sh_info)); -- syms = elf_shdr_by_index(elf, elf_uval(elf, rels, sh_link)); -- if ( NULL == sect || NULL == syms ) -- continue; -- -- if ( !(elf_uval(elf, sect, sh_flags) & SHF_ALLOC) ) -- { -- elf_msg(elf, "%s: relocations for %s, skipping\n", -- __FUNCTION__, elf_section_name(elf, sect)); -- continue; -- } -- -- elf_msg(elf, "%s: relocations for %s @ 0x%" PRIx64 "\n", -- __FUNCTION__, elf_section_name(elf, sect), -- elf_uval(elf, sect, sh_addr)); -- if ( elf_reloc_section(elf, rels, sect, syms) != 0 ) -- return -1; -- } -- return 0; --} -- --/* -- * Local variables: -- * mode: C -- * c-set-style: "BSD" -- * c-basic-offset: 4 -- * tab-width: 4 -- * indent-tabs-mode: nil -- * End: -- */ --- -#1.7.2.5 - diff --git a/app-emulation/xen-pvgrub/files/xen-4.2-CVE-2013-12to13-XSA-55.patch b/app-emulation/xen-pvgrub/files/xen-4.2-CVE-2013-12to13-XSA-55.patch deleted file mode 100644 index 952d8797d836..000000000000 --- a/app-emulation/xen-pvgrub/files/xen-4.2-CVE-2013-12to13-XSA-55.patch +++ /dev/null @@ -1,371 +0,0 @@ -From d0790bdad7496e720416b2d4a04563c4c27e7b95 Mon Sep 17 00:00:00 2001 -From: Ian Jackson <ian.jackson@eu.citrix.com> -Date: Fri, 14 Jun 2013 16:43:17 +0100 -Subject: [PATCH 12/23] libelf: Check pointer references in elf_is_elfbinary - -elf_is_elfbinary didn't take a length parameter and could potentially -access out of range when provided with a very short image. - -We only need to check the size is enough for the actual dereference in -elf_is_elfbinary; callers are just using it to check the magic number -and do their own checks (usually via the new elf_ptrval system) before -dereferencing other parts of the header. - -This is part of the fix to a security issue, XSA-55. - -Signed-off-by: Ian Jackson <ian.jackson@eu.citrix.com> -Acked-by: Ian Campbell <ian.campbell@citrix.com> -Reviewed-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com> ---- - tools/libxc/xc_dom_elfloader.c | 2 +- - xen/arch/x86/bzimage.c | 4 ++-- - xen/common/libelf/libelf-loader.c | 2 +- - xen/common/libelf/libelf-tools.c | 9 ++++++--- - xen/include/xen/libelf.h | 4 +++- - 5 files changed, 13 insertions(+), 8 deletions(-) - -diff --git a/tools/libxc/xc_dom_elfloader.c b/tools/libxc/xc_dom_elfloader.c -index b82a08c..ea45886 100644 ---- a/tools/libxc/xc_dom_elfloader.c -+++ b/tools/libxc/xc_dom_elfloader.c -@@ -95,7 +95,7 @@ static int check_elf_kernel(struct xc_dom_image *dom, int verbose) - return -EINVAL; - } - -- if ( !elf_is_elfbinary(dom->kernel_blob) ) -+ if ( !elf_is_elfbinary(dom->kernel_blob, dom->kernel_size) ) - { - if ( verbose ) - xc_dom_panic(dom->xch, -diff --git a/xen/arch/x86/bzimage.c b/xen/arch/x86/bzimage.c -index 5adc223..3600dca 100644 ---- a/xen/arch/x86/bzimage.c -+++ b/xen/arch/x86/bzimage.c -@@ -220,7 +220,7 @@ unsigned long __init bzimage_headroom(char *image_start, - image_length = hdr->payload_length; - } - -- if ( elf_is_elfbinary(image_start) ) -+ if ( elf_is_elfbinary(image_start, image_length) ) - return 0; - - orig_image_len = image_length; -@@ -251,7 +251,7 @@ int __init bzimage_parse(char *image_base, char **image_start, unsigned long *im - *image_len = hdr->payload_length; - } - -- if ( elf_is_elfbinary(*image_start) ) -+ if ( elf_is_elfbinary(*image_start, *image_len) ) - return 0; - - BUG_ON(!(image_base < *image_start)); -diff --git a/xen/common/libelf/libelf-loader.c b/xen/common/libelf/libelf-loader.c -index a3310e7..f8be635 100644 ---- a/xen/common/libelf/libelf-loader.c -+++ b/xen/common/libelf/libelf-loader.c -@@ -29,7 +29,7 @@ int elf_init(struct elf_binary *elf, const char *image_input, size_t size) - ELF_HANDLE_DECL(elf_shdr) shdr; - uint64_t i, count, section, offset; - -- if ( !elf_is_elfbinary(image_input) ) -+ if ( !elf_is_elfbinary(image_input, size) ) - { - elf_err(elf, "%s: not an ELF binary\n", __FUNCTION__); - return -1; -diff --git a/xen/common/libelf/libelf-tools.c b/xen/common/libelf/libelf-tools.c -index 46ca553..744027e 100644 ---- a/xen/common/libelf/libelf-tools.c -+++ b/xen/common/libelf/libelf-tools.c -@@ -332,11 +332,14 @@ ELF_HANDLE_DECL(elf_note) elf_note_next(struct elf_binary *elf, ELF_HANDLE_DECL( - - /* ------------------------------------------------------------------------ */ - --int elf_is_elfbinary(const void *image) -+int elf_is_elfbinary(const void *image_start, size_t image_size) - { -- const Elf32_Ehdr *ehdr = image; -+ const Elf32_Ehdr *ehdr = image_start; - -- return IS_ELF(*ehdr); /* fixme unchecked */ -+ if ( image_size < sizeof(*ehdr) ) -+ return 0; -+ -+ return IS_ELF(*ehdr); - } - - int elf_phdr_is_loadable(struct elf_binary *elf, ELF_HANDLE_DECL(elf_phdr) phdr) -diff --git a/xen/include/xen/libelf.h b/xen/include/xen/libelf.h -index ddc3ed7..ac93858 100644 ---- a/xen/include/xen/libelf.h -+++ b/xen/include/xen/libelf.h -@@ -350,7 +350,9 @@ uint64_t elf_note_numeric_array(struct elf_binary *, ELF_HANDLE_DECL(elf_note), - unsigned int unitsz, unsigned int idx); - ELF_HANDLE_DECL(elf_note) elf_note_next(struct elf_binary *elf, ELF_HANDLE_DECL(elf_note) note); - --int elf_is_elfbinary(const void *image); -+/* (Only) checks that the image has the right magic number. */ -+int elf_is_elfbinary(const void *image_start, size_t image_size); -+ - int elf_phdr_is_loadable(struct elf_binary *elf, ELF_HANDLE_DECL(elf_phdr) phdr); - - /* ------------------------------------------------------------------------ */ --- -1.7.2.5 -#From a965b8f80388603d439ae2b8ee7b9b018a079f90 Mon Sep 17 00:00:00 2001 -#From: Ian Jackson <ian.jackson@eu.citrix.com> -#Date: Fri, 14 Jun 2013 16:43:17 +0100 -#Subject: [PATCH 13/23] libelf: Make all callers call elf_check_broken -# -#This arranges that if the new pointer reference error checking -#tripped, we actually get a message about it. In this patch these -#messages do not change the actual return values from the various -#functions: so pointer reference errors do not prevent loading. This -#is for fear that some existing kernels might cause the code to make -#these wild references, which would then break, which is not a good -#thing in a security patch. -# -#In xen/arch/x86/domain_build.c we have to introduce an "out" label and -#change all of the "return rc" beyond the relevant point into "goto -#out". -# -#Difference in the 4.2 series, compared to unstable: -# -#* tools/libxc/xc_hvm_build_x86.c:setup_guest and -# xen/arch/arm/kernel.c:kernel_try_elf_prepare have different -# error handling in 4.2 to unstable; patch adjusted accordingly. -# -#This is part of the fix to a security issue, XSA-55. -# -#Signed-off-by: Ian Jackson <ian.jackson@eu.citrix.com> -# -#xen-unstable version Reviewed-by: George Dunlap <george.dunlap@eu.citrix.com> -#--- -# tools/libxc/xc_dom_elfloader.c | 25 +++++++++++++++++++++---- -# tools/libxc/xc_hvm_build_x86.c | 5 +++++ -# tools/xcutils/readnotes.c | 3 +++ -# xen/arch/arm/kernel.c | 15 ++++++++++++++- -# xen/arch/x86/domain_build.c | 28 +++++++++++++++++++++------- -# 5 files changed, 64 insertions(+), 12 deletions(-) -# -diff --git a/tools/libxc/xc_dom_elfloader.c b/tools/libxc/xc_dom_elfloader.c -index ea45886..4fb4da2 100644 ---- a/tools/libxc/xc_dom_elfloader.c -+++ b/tools/libxc/xc_dom_elfloader.c -@@ -276,6 +276,13 @@ static int xc_dom_load_elf_symtab(struct xc_dom_image *dom, - elf_store_field(elf, shdr, e32.sh_name, 0); - } - -+ if ( elf_check_broken(&syms) ) -+ DOMPRINTF("%s: symbols ELF broken: %s", __FUNCTION__, -+ elf_check_broken(&syms)); -+ if ( elf_check_broken(elf) ) -+ DOMPRINTF("%s: ELF broken: %s", __FUNCTION__, -+ elf_check_broken(elf)); -+ - if ( tables == 0 ) - { - DOMPRINTF("%s: no symbol table present", __FUNCTION__); -@@ -312,19 +319,23 @@ static int xc_dom_parse_elf_kernel(struct xc_dom_image *dom) - { - xc_dom_panic(dom->xch, XC_INVALID_KERNEL, "%s: ELF image" - " has no shstrtab", __FUNCTION__); -- return -EINVAL; -+ rc = -EINVAL; -+ goto out; - } - - /* parse binary and get xen meta info */ - elf_parse_binary(elf); - if ( (rc = elf_xen_parse(elf, &dom->parms)) != 0 ) -- return rc; -+ { -+ goto out; -+ } - - if ( elf_xen_feature_get(XENFEAT_dom0, dom->parms.f_required) ) - { - xc_dom_panic(dom->xch, XC_INVALID_KERNEL, "%s: Kernel does not" - " support unprivileged (DomU) operation", __FUNCTION__); -- return -EINVAL; -+ rc = -EINVAL; -+ goto out; - } - - /* find kernel segment */ -@@ -338,7 +349,13 @@ static int xc_dom_parse_elf_kernel(struct xc_dom_image *dom) - DOMPRINTF("%s: %s: 0x%" PRIx64 " -> 0x%" PRIx64 "", - __FUNCTION__, dom->guest_type, - dom->kernel_seg.vstart, dom->kernel_seg.vend); -- return 0; -+ rc = 0; -+out: -+ if ( elf_check_broken(elf) ) -+ DOMPRINTF("%s: ELF broken: %s", __FUNCTION__, -+ elf_check_broken(elf)); -+ -+ return rc; - } - - static int xc_dom_load_elf_kernel(struct xc_dom_image *dom) -diff --git a/tools/libxc/xc_hvm_build_x86.c b/tools/libxc/xc_hvm_build_x86.c -index ccfd8b5..8165287 100644 ---- a/tools/libxc/xc_hvm_build_x86.c -+++ b/tools/libxc/xc_hvm_build_x86.c -@@ -403,11 +403,16 @@ static int setup_guest(xc_interface *xch, - munmap(page0, PAGE_SIZE); - } - -+ if ( elf_check_broken(&elf) ) -+ ERROR("HVM ELF broken: %s", elf_check_broken(&elf)); -+ - free(page_array); - return 0; - - error_out: - free(page_array); -+ if ( elf_check_broken(&elf) ) -+ ERROR("HVM ELF broken, failing: %s", elf_check_broken(&elf)); - return -1; - } - -diff --git a/tools/xcutils/readnotes.c b/tools/xcutils/readnotes.c -index cfae994..d1f7a30 100644 ---- a/tools/xcutils/readnotes.c -+++ b/tools/xcutils/readnotes.c -@@ -301,6 +301,9 @@ int main(int argc, char **argv) - printf("__xen_guest: %s\n", - elf_strfmt(&elf, elf_section_start(&elf, shdr))); - -+ if (elf_check_broken(&elf)) -+ printf("warning: broken ELF: %s\n", elf_check_broken(&elf)); -+ - return 0; - } - -diff --git a/xen/arch/arm/kernel.c b/xen/arch/arm/kernel.c -index 2d56130..dec0519 100644 ---- a/xen/arch/arm/kernel.c -+++ b/xen/arch/arm/kernel.c -@@ -146,6 +146,8 @@ static int kernel_try_elf_prepare(struct kernel_info *info) - { - int rc; - -+ memset(&info->elf.elf, 0, sizeof(info->elf.elf)); -+ - info->kernel_order = get_order_from_bytes(KERNEL_FLASH_SIZE); - info->kernel_img = alloc_xenheap_pages(info->kernel_order, 0); - if ( info->kernel_img == NULL ) -@@ -160,7 +162,7 @@ static int kernel_try_elf_prepare(struct kernel_info *info) - #endif - elf_parse_binary(&info->elf.elf); - if ( (rc = elf_xen_parse(&info->elf.elf, &info->elf.parms)) != 0 ) -- return rc; -+ goto err; - - /* - * TODO: can the ELF header be used to find the physical address -@@ -169,7 +171,18 @@ static int kernel_try_elf_prepare(struct kernel_info *info) - info->entry = info->elf.parms.virt_entry; - info->load = kernel_elf_load; - -+ if ( elf_check_broken(&info->elf.elf) ) -+ printk("Xen: warning: ELF kernel broken: %s\n", -+ elf_check_broken(&info->elf.elf)); -+ - return 0; -+ -+err: -+ if ( elf_check_broken(&info->elf.elf) ) -+ printk("Xen: ELF kernel broken: %s\n", -+ elf_check_broken(&info->elf.elf)); -+ -+ return rc; - } - - int kernel_prepare(struct kernel_info *info) -diff --git a/xen/arch/x86/domain_build.c b/xen/arch/x86/domain_build.c -index a655b21..0dbec96 100644 ---- a/xen/arch/x86/domain_build.c -+++ b/xen/arch/x86/domain_build.c -@@ -374,7 +374,7 @@ int __init construct_dom0( - #endif - elf_parse_binary(&elf); - if ( (rc = elf_xen_parse(&elf, &parms)) != 0 ) -- return rc; -+ goto out; - - /* compatibility check */ - compatible = 0; -@@ -413,14 +413,16 @@ int __init construct_dom0( - if ( !compatible ) - { - printk("Mismatch between Xen and DOM0 kernel\n"); -- return -EINVAL; -+ rc = -EINVAL; -+ goto out; - } - - if ( parms.elf_notes[XEN_ELFNOTE_SUPPORTED_FEATURES].type != XEN_ENT_NONE && - !test_bit(XENFEAT_dom0, parms.f_supported) ) - { - printk("Kernel does not support Dom0 operation\n"); -- return -EINVAL; -+ rc = -EINVAL; -+ goto out; - } - - #if defined(__x86_64__) -@@ -734,7 +736,8 @@ int __init construct_dom0( - (v_end > HYPERVISOR_COMPAT_VIRT_START(d)) ) - { - printk("DOM0 image overlaps with Xen private area.\n"); -- return -EINVAL; -+ rc = -EINVAL; -+ goto out; - } - - if ( is_pv_32on64_domain(d) ) -@@ -914,7 +917,7 @@ int __init construct_dom0( - if ( rc < 0 ) - { - printk("Failed to load the kernel binary\n"); -- return rc; -+ goto out; - } - bootstrap_map(NULL); - -@@ -925,7 +928,8 @@ int __init construct_dom0( - { - write_ptbase(current); - printk("Invalid HYPERCALL_PAGE field in ELF notes.\n"); -- return -1; -+ rc = -1; -+ goto out; - } - hypercall_page_initialise( - d, (void *)(unsigned long)parms.virt_hypercall); -@@ -1272,9 +1276,19 @@ int __init construct_dom0( - - BUG_ON(rc != 0); - -- iommu_dom0_init(dom0); -+ if ( elf_check_broken(&elf) ) -+ printk(" Xen warning: dom0 kernel broken ELF: %s\n", -+ elf_check_broken(&elf)); - -+ iommu_dom0_init(dom0); - return 0; -+ -+out: -+ if ( elf_check_broken(&elf) ) -+ printk(" Xen dom0 kernel broken ELF: %s\n", -+ elf_check_broken(&elf)); -+ -+ return rc; - } - - /* --- -1.7.2.5 - - diff --git a/app-emulation/xen-pvgrub/files/xen-4.2-CVE-2013-14-XSA-55.patch b/app-emulation/xen-pvgrub/files/xen-4.2-CVE-2013-14-XSA-55.patch deleted file mode 100644 index 67990a2435c3..000000000000 --- a/app-emulation/xen-pvgrub/files/xen-4.2-CVE-2013-14-XSA-55.patch +++ /dev/null @@ -1,252 +0,0 @@ -From 3fb6ccf2faccaf5e22e33a3155ccc72d732896d8 Mon Sep 17 00:00:00 2001 -From: Ian Jackson <ian.jackson@eu.citrix.com> -Date: Fri, 14 Jun 2013 16:43:18 +0100 -Subject: [PATCH 14/23] libelf: use C99 bool for booleans - -We want to remove uses of "int" because signed integers have -undesirable undefined behaviours on overflow. Malicious compilers can -turn apparently-correct code into code with security vulnerabilities -etc. - -In this patch we change all the booleans in libelf to C99 bool, -from <stdbool.h>. - -For the one visible libelf boolean in libxc's public interface we -retain the use of int to avoid changing the ABI; libxc converts it to -a bool for consumption by libelf. - -It is OK to change all values only ever used as booleans to _Bool -(bool) because conversion from any scalar type to a _Bool works the -same as the boolean test in if() or ?: and is always defined (C99 -6.3.1.2). But we do need to check that all these variables really are -only ever used that way. (It is theoretically possible that the old -code truncated some 64-bit values to 32-bit ints which might become -zero depending on the value, which would mean a behavioural change in -this patch, but it seems implausible that treating 0x????????00000000 -as false could have been intended.) - -This is part of the fix to a security issue, XSA-55. - -Signed-off-by: Ian Jackson <ian.jackson@eu.citrix.com> -Acked-by: George Dunlap <george.dunlap@eu.citrix.com> ---- - tools/libxc/xc_dom_elfloader.c | 8 ++++---- - xen/common/libelf/libelf-dominfo.c | 2 +- - xen/common/libelf/libelf-loader.c | 4 ++-- - xen/common/libelf/libelf-private.h | 2 +- - xen/common/libelf/libelf-tools.c | 10 +++++----- - xen/include/xen/libelf.h | 18 ++++++++++-------- - 6 files changed, 23 insertions(+), 21 deletions(-) - -diff --git a/tools/libxc/xc_dom_elfloader.c b/tools/libxc/xc_dom_elfloader.c -index 4fb4da2..9ba64ae 100644 ---- a/tools/libxc/xc_dom_elfloader.c -+++ b/tools/libxc/xc_dom_elfloader.c -@@ -34,7 +34,7 @@ - /* ------------------------------------------------------------------------ */ - - static void log_callback(struct elf_binary *elf, void *caller_data, -- int iserr, const char *fmt, va_list al) { -+ bool iserr, const char *fmt, va_list al) { - xc_interface *xch = caller_data; - - xc_reportv(xch, -@@ -46,7 +46,7 @@ static void log_callback(struct elf_binary *elf, void *caller_data, - - void xc_elf_set_logfile(xc_interface *xch, struct elf_binary *elf, - int verbose) { -- elf_set_log(elf, log_callback, xch, verbose); -+ elf_set_log(elf, log_callback, xch, verbose /* convert to bool */); - } - - /* ------------------------------------------------------------------------ */ -@@ -84,7 +84,7 @@ static char *xc_dom_guest_type(struct xc_dom_image *dom, - /* ------------------------------------------------------------------------ */ - /* parse elf binary */ - --static int check_elf_kernel(struct xc_dom_image *dom, int verbose) -+static int check_elf_kernel(struct xc_dom_image *dom, bool verbose) - { - if ( dom->kernel_blob == NULL ) - { -@@ -112,7 +112,7 @@ static int xc_dom_probe_elf_kernel(struct xc_dom_image *dom) - } - - static int xc_dom_load_elf_symtab(struct xc_dom_image *dom, -- struct elf_binary *elf, int load) -+ struct elf_binary *elf, bool load) - { - struct elf_binary syms; - ELF_HANDLE_DECL_NONCONST(elf_shdr) shdr; ELF_HANDLE_DECL(elf_shdr) shdr2; -diff --git a/xen/common/libelf/libelf-dominfo.c b/xen/common/libelf/libelf-dominfo.c -index 98c80dc..12b6c2a 100644 ---- a/xen/common/libelf/libelf-dominfo.c -+++ b/xen/common/libelf/libelf-dominfo.c -@@ -101,7 +101,7 @@ int elf_xen_parse_note(struct elf_binary *elf, - /* *INDENT-OFF* */ - static const struct { - char *name; -- int str; -+ bool str; - } note_desc[] = { - [XEN_ELFNOTE_ENTRY] = { "ENTRY", 0}, - [XEN_ELFNOTE_HYPERCALL_PAGE] = { "HYPERCALL_PAGE", 0}, -diff --git a/xen/common/libelf/libelf-loader.c b/xen/common/libelf/libelf-loader.c -index f8be635..0dccd4d 100644 ---- a/xen/common/libelf/libelf-loader.c -+++ b/xen/common/libelf/libelf-loader.c -@@ -92,7 +92,7 @@ int elf_init(struct elf_binary *elf, const char *image_input, size_t size) - } - - #ifndef __XEN__ --void elf_call_log_callback(struct elf_binary *elf, int iserr, -+void elf_call_log_callback(struct elf_binary *elf, bool iserr, - const char *fmt,...) { - va_list al; - -@@ -107,7 +107,7 @@ void elf_call_log_callback(struct elf_binary *elf, int iserr, - } - - void elf_set_log(struct elf_binary *elf, elf_log_callback *log_callback, -- void *log_caller_data, int verbose) -+ void *log_caller_data, bool verbose) - { - elf->log_callback = log_callback; - elf->log_caller_data = log_caller_data; -diff --git a/xen/common/libelf/libelf-private.h b/xen/common/libelf/libelf-private.h -index 280dfd1..277be04 100644 ---- a/xen/common/libelf/libelf-private.h -+++ b/xen/common/libelf/libelf-private.h -@@ -77,7 +77,7 @@ - #define elf_err(elf, fmt, args ... ) \ - elf_call_log_callback(elf, 1, fmt , ## args ); - --void elf_call_log_callback(struct elf_binary*, int iserr, const char *fmt,...); -+void elf_call_log_callback(struct elf_binary*, bool iserr, const char *fmt,...); - - #define safe_strcpy(d,s) \ - do { strncpy((d),(s),sizeof((d))-1); \ -diff --git a/xen/common/libelf/libelf-tools.c b/xen/common/libelf/libelf-tools.c -index 744027e..fa58f76 100644 ---- a/xen/common/libelf/libelf-tools.c -+++ b/xen/common/libelf/libelf-tools.c -@@ -31,7 +31,7 @@ const char *elf_check_broken(const struct elf_binary *elf) - return elf->broken; - } - --static int elf_ptrval_in_range(elf_ptrval ptrval, uint64_t size, -+static bool elf_ptrval_in_range(elf_ptrval ptrval, uint64_t size, - const void *region, uint64_t regionsize) - /* - * Returns true if the putative memory area [ptrval,ptrval+size> -@@ -53,7 +53,7 @@ static int elf_ptrval_in_range(elf_ptrval ptrval, uint64_t size, - return 1; - } - --int elf_access_ok(struct elf_binary * elf, -+bool elf_access_ok(struct elf_binary * elf, - uint64_t ptrval, size_t size) - { - if ( elf_ptrval_in_range(ptrval, size, elf->image_base, elf->size) ) -@@ -92,7 +92,7 @@ uint64_t elf_access_unsigned(struct elf_binary * elf, elf_ptrval base, - uint64_t moreoffset, size_t size) - { - elf_ptrval ptrval = base + moreoffset; -- int need_swap = elf_swap(elf); -+ bool need_swap = elf_swap(elf); - const uint8_t *u8; - const uint16_t *u16; - const uint32_t *u32; -@@ -332,7 +332,7 @@ ELF_HANDLE_DECL(elf_note) elf_note_next(struct elf_binary *elf, ELF_HANDLE_DECL( - - /* ------------------------------------------------------------------------ */ - --int elf_is_elfbinary(const void *image_start, size_t image_size) -+bool elf_is_elfbinary(const void *image_start, size_t image_size) - { - const Elf32_Ehdr *ehdr = image_start; - -@@ -342,7 +342,7 @@ int elf_is_elfbinary(const void *image_start, size_t image_size) - return IS_ELF(*ehdr); - } - --int elf_phdr_is_loadable(struct elf_binary *elf, ELF_HANDLE_DECL(elf_phdr) phdr) -+bool elf_phdr_is_loadable(struct elf_binary *elf, ELF_HANDLE_DECL(elf_phdr) phdr) - { - uint64_t p_type = elf_uval(elf, phdr, p_type); - uint64_t p_flags = elf_uval(elf, phdr, p_flags); -diff --git a/xen/include/xen/libelf.h b/xen/include/xen/libelf.h -index ac93858..951430f 100644 ---- a/xen/include/xen/libelf.h -+++ b/xen/include/xen/libelf.h -@@ -29,6 +29,8 @@ - #error define architectural endianness - #endif - -+#include <stdbool.h> -+ - #undef ELFSIZE - #include "elfstructs.h" - #ifdef __XEN__ -@@ -42,7 +44,7 @@ - - struct elf_binary; - typedef void elf_log_callback(struct elf_binary*, void *caller_data, -- int iserr, const char *fmt, va_list al); -+ bool iserr, const char *fmt, va_list al); - - #endif - -@@ -237,7 +239,7 @@ struct elf_binary { - elf_log_callback *log_callback; - void *log_caller_data; - #endif -- int verbose; -+ bool verbose; - const char *broken; - }; - -@@ -301,8 +303,8 @@ void elf_memset_safe(struct elf_binary*, elf_ptrval dst, int c, size_t); - * outside permitted areas. - */ - --int elf_access_ok(struct elf_binary * elf, -- uint64_t ptrval, size_t size); -+bool elf_access_ok(struct elf_binary * elf, -+ uint64_t ptrval, size_t size); - - #define elf_store_val(elf, type, ptr, val) \ - ({ \ -@@ -351,9 +353,9 @@ uint64_t elf_note_numeric_array(struct elf_binary *, ELF_HANDLE_DECL(elf_note), - ELF_HANDLE_DECL(elf_note) elf_note_next(struct elf_binary *elf, ELF_HANDLE_DECL(elf_note) note); - - /* (Only) checks that the image has the right magic number. */ --int elf_is_elfbinary(const void *image_start, size_t image_size); -+bool elf_is_elfbinary(const void *image_start, size_t image_size); - --int elf_phdr_is_loadable(struct elf_binary *elf, ELF_HANDLE_DECL(elf_phdr) phdr); -+bool elf_phdr_is_loadable(struct elf_binary *elf, ELF_HANDLE_DECL(elf_phdr) phdr); - - /* ------------------------------------------------------------------------ */ - /* xc_libelf_loader.c */ -@@ -367,7 +369,7 @@ int elf_init(struct elf_binary *elf, const char *image, size_t size); - void elf_set_verbose(struct elf_binary *elf); - #else - void elf_set_log(struct elf_binary *elf, elf_log_callback*, -- void *log_caller_pointer, int verbose); -+ void *log_caller_pointer, bool verbose); - #endif - - void elf_parse_binary(struct elf_binary *elf); -@@ -419,7 +421,7 @@ struct elf_dom_parms { - char xen_ver[16]; - char loader[16]; - int pae; -- int bsd_symtab; -+ bool bsd_symtab; - uint64_t virt_base; - uint64_t virt_entry; - uint64_t virt_hypercall; --- -1.7.2.5 - diff --git a/app-emulation/xen-pvgrub/files/xen-4.2-CVE-2013-16-XSA-55.patch b/app-emulation/xen-pvgrub/files/xen-4.2-CVE-2013-16-XSA-55.patch deleted file mode 100644 index fe09e46effcf..000000000000 --- a/app-emulation/xen-pvgrub/files/xen-4.2-CVE-2013-16-XSA-55.patch +++ /dev/null @@ -1,409 +0,0 @@ -From 52d8cc2dd3bb3e0f6d51e00280da934e8d91653a Mon Sep 17 00:00:00 2001 -From: Ian Jackson <ian.jackson@eu.citrix.com> -Date: Fri, 14 Jun 2013 16:43:18 +0100 -Subject: [PATCH 16/23] libelf: check loops for running away - -Ensure that libelf does not have any loops which can run away -indefinitely even if the input is bogus. (Grepped for \bfor, \bwhile -and \bgoto in libelf and xc_dom_*loader*.c.) - -Changes needed: - * elf_note_next uses the note's unchecked alleged length, which might - wrap round. If it does, return ELF_MAX_PTRVAL (0xfff..fff) instead, - which will be beyond the end of the section and so terminate the - caller's loop. Also check that the returned psuedopointer is sane. - * In various loops over section and program headers, check that the - calculated header pointer is still within the image, and quit the - loop if it isn't. - * Some fixed limits to avoid potentially O(image_size^2) loops: - - maximum length of strings: 4K (longer ones ignored totally) - - maximum total number of ELF notes: 65536 (any more are ignored) - * Check that the total program contents (text, data) we copy or - initialise doesn't exceed twice the output image area size. - * Remove an entirely useless loop from elf_xen_parse (!) - * Replace a nested search loop in in xc_dom_load_elf_symtab in - xc_dom_elfloader.c by a precomputation of a bitmap of referenced - symtabs. - -We have not changed loops which might, in principle, iterate over the -whole image - even if they might do so one byte at a time with a -nontrivial access check function in the middle. - -This is part of the fix to a security issue, XSA-55. - -Signed-off-by: Ian Jackson <ian.jackson@eu.citrix.com> ---- - tools/libxc/xc_dom_elfloader.c | 33 ++++++++++++++++++------- - xen/common/libelf/libelf-dominfo.c | 43 ++++++++++++++++++++------------ - xen/common/libelf/libelf-loader.c | 47 ++++++++++++++++++++++++++++++++++- - xen/common/libelf/libelf-tools.c | 28 ++++++++++++++++++++- - xen/include/xen/libelf.h | 13 ++++++++++ - 5 files changed, 135 insertions(+), 29 deletions(-) - -diff --git a/tools/libxc/xc_dom_elfloader.c b/tools/libxc/xc_dom_elfloader.c -index 62a0d3b..c5014d2 100644 ---- a/tools/libxc/xc_dom_elfloader.c -+++ b/tools/libxc/xc_dom_elfloader.c -@@ -28,6 +28,7 @@ - - #include "xg_private.h" - #include "xc_dom.h" -+#include "xc_bitops.h" - - #define XEN_VER "xen-3.0" - -@@ -120,6 +121,7 @@ static elf_errorstatus xc_dom_load_elf_symtab(struct xc_dom_image *dom, - ELF_PTRVAL_CHAR hdr; - size_t size; - unsigned h, count, type, i, tables = 0; -+ unsigned long *strtab_referenced = NULL; - - if ( elf_swap(elf) ) - { -@@ -220,22 +222,35 @@ static elf_errorstatus xc_dom_load_elf_symtab(struct xc_dom_image *dom, - symtab, maxaddr); - - count = elf_shdr_count(&syms); -+ /* elf_shdr_count guarantees that count is reasonable */ -+ -+ strtab_referenced = xc_dom_malloc(dom, bitmap_size(count)); -+ if ( strtab_referenced == NULL ) -+ return -1; -+ bitmap_clear(strtab_referenced, count); -+ /* Note the symtabs @h linked to by any strtab @i. */ -+ for ( i = 0; i < count; i++ ) -+ { -+ shdr2 = elf_shdr_by_index(&syms, i); -+ if ( elf_uval(&syms, shdr2, sh_type) == SHT_SYMTAB ) -+ { -+ h = elf_uval(&syms, shdr2, sh_link); -+ if (h < count) -+ set_bit(h, strtab_referenced); -+ } -+ } -+ - for ( h = 0; h < count; h++ ) - { - shdr = ELF_OBSOLETE_VOIDP_CAST elf_shdr_by_index(&syms, h); -+ if ( !elf_access_ok(elf, ELF_HANDLE_PTRVAL(shdr), 1) ) -+ /* input has an insane section header count field */ -+ break; - type = elf_uval(&syms, shdr, sh_type); - if ( type == SHT_STRTAB ) - { -- /* Look for a strtab @i linked to symtab @h. */ -- for ( i = 0; i < count; i++ ) -- { -- shdr2 = elf_shdr_by_index(&syms, i); -- if ( (elf_uval(&syms, shdr2, sh_type) == SHT_SYMTAB) && -- (elf_uval(&syms, shdr2, sh_link) == h) ) -- break; -- } - /* Skip symtab @h if we found no corresponding strtab @i. */ -- if ( i == count ) -+ if ( !test_bit(h, strtab_referenced) ) - { - if ( elf_64bit(&syms) ) - elf_store_field(elf, shdr, e64.sh_offset, 0); -diff --git a/xen/common/libelf/libelf-dominfo.c b/xen/common/libelf/libelf-dominfo.c -index cdd0d31..25a10d7 100644 ---- a/xen/common/libelf/libelf-dominfo.c -+++ b/xen/common/libelf/libelf-dominfo.c -@@ -221,7 +221,8 @@ elf_errorstatus elf_xen_parse_note(struct elf_binary *elf, - static unsigned elf_xen_parse_notes(struct elf_binary *elf, - struct elf_dom_parms *parms, - ELF_PTRVAL_CONST_VOID start, -- ELF_PTRVAL_CONST_VOID end) -+ ELF_PTRVAL_CONST_VOID end, -+ unsigned *total_note_count) - { - unsigned xen_elfnotes = 0; - ELF_HANDLE_DECL(elf_note) note; -@@ -233,6 +234,12 @@ static unsigned elf_xen_parse_notes(struct elf_binary *elf, - ELF_HANDLE_PTRVAL(note) < parms->elf_note_end; - note = elf_note_next(elf, note) ) - { -+ if ( *total_note_count >= ELF_MAX_TOTAL_NOTE_COUNT ) -+ { -+ elf_mark_broken(elf, "too many ELF notes"); -+ break; -+ } -+ (*total_note_count)++; - note_name = elf_note_name(elf, note); - if ( note_name == NULL ) - continue; -@@ -473,6 +480,7 @@ elf_errorstatus elf_xen_parse(struct elf_binary *elf, - ELF_HANDLE_DECL(elf_phdr) phdr; - unsigned xen_elfnotes = 0; - unsigned i, count, more_notes; -+ unsigned total_note_count = 0; - - elf_memset_unchecked(parms, 0, sizeof(*parms)); - parms->virt_base = UNSET_ADDR; -@@ -487,6 +495,9 @@ elf_errorstatus elf_xen_parse(struct elf_binary *elf, - for ( i = 0; i < count; i++ ) - { - phdr = elf_phdr_by_index(elf, i); -+ if ( !elf_access_ok(elf, ELF_HANDLE_PTRVAL(phdr), 1) ) -+ /* input has an insane program header count field */ -+ break; - if ( elf_uval(elf, phdr, p_type) != PT_NOTE ) - continue; - -@@ -499,7 +510,8 @@ elf_errorstatus elf_xen_parse(struct elf_binary *elf, - - more_notes = elf_xen_parse_notes(elf, parms, - elf_segment_start(elf, phdr), -- elf_segment_end(elf, phdr)); -+ elf_segment_end(elf, phdr), -+ &total_note_count); - if ( more_notes == ELF_NOTE_INVALID ) - return -1; - -@@ -516,13 +528,17 @@ elf_errorstatus elf_xen_parse(struct elf_binary *elf, - for ( i = 0; i < count; i++ ) - { - shdr = elf_shdr_by_index(elf, i); -+ if ( !elf_access_ok(elf, ELF_HANDLE_PTRVAL(shdr), 1) ) -+ /* input has an insane section header count field */ -+ break; - - if ( elf_uval(elf, shdr, sh_type) != SHT_NOTE ) - continue; - - more_notes = elf_xen_parse_notes(elf, parms, - elf_section_start(elf, shdr), -- elf_section_end(elf, shdr)); -+ elf_section_end(elf, shdr), -+ &total_note_count); - - if ( more_notes == ELF_NOTE_INVALID ) - return -1; -@@ -540,20 +556,15 @@ elf_errorstatus elf_xen_parse(struct elf_binary *elf, - */ - if ( xen_elfnotes == 0 ) - { -- count = elf_shdr_count(elf); -- for ( i = 0; i < count; i++ ) -+ shdr = elf_shdr_by_name(elf, "__xen_guest"); -+ if ( ELF_HANDLE_VALID(shdr) ) - { -- shdr = elf_shdr_by_name(elf, "__xen_guest"); -- if ( ELF_HANDLE_VALID(shdr) ) -- { -- parms->guest_info = elf_section_start(elf, shdr); -- parms->elf_note_start = ELF_INVALID_PTRVAL; -- parms->elf_note_end = ELF_INVALID_PTRVAL; -- elf_msg(elf, "%s: __xen_guest: \"%s\"\n", __FUNCTION__, -- elf_strfmt(elf, parms->guest_info)); -- elf_xen_parse_guest_info(elf, parms); -- break; -- } -+ parms->guest_info = elf_section_start(elf, shdr); -+ parms->elf_note_start = ELF_INVALID_PTRVAL; -+ parms->elf_note_end = ELF_INVALID_PTRVAL; -+ elf_msg(elf, "%s: __xen_guest: \"%s\"\n", __FUNCTION__, -+ elf_strfmt(elf, parms->guest_info)); -+ elf_xen_parse_guest_info(elf, parms); - } - } - -diff --git a/xen/common/libelf/libelf-loader.c b/xen/common/libelf/libelf-loader.c -index c3a9e51..06799af 100644 ---- a/xen/common/libelf/libelf-loader.c -+++ b/xen/common/libelf/libelf-loader.c -@@ -75,6 +75,9 @@ elf_errorstatus elf_init(struct elf_binary *elf, const char *image_input, size_t - for ( i = 0; i < count; i++ ) - { - shdr = elf_shdr_by_index(elf, i); -+ if ( !elf_access_ok(elf, ELF_HANDLE_PTRVAL(shdr), 1) ) -+ /* input has an insane section header count field */ -+ break; - if ( elf_uval(elf, shdr, sh_type) != SHT_SYMTAB ) - continue; - elf->sym_tab = shdr; -@@ -170,6 +173,9 @@ void elf_parse_bsdsyms(struct elf_binary *elf, uint64_t pstart) - for ( i = 0; i < elf_shdr_count(elf); i++ ) - { - shdr = elf_shdr_by_index(elf, i); -+ if ( !elf_access_ok(elf, ELF_HANDLE_PTRVAL(shdr), 1) ) -+ /* input has an insane section header count field */ -+ break; - type = elf_uval(elf, shdr, sh_type); - if ( (type == SHT_STRTAB) || (type == SHT_SYMTAB) ) - sz = elf_round_up(elf, sz + elf_uval(elf, shdr, sh_size)); -@@ -224,6 +230,9 @@ do { \ - - for ( i = 0; i < elf_shdr_count(elf); i++ ) - { -+ elf_ptrval old_shdr_p; -+ elf_ptrval new_shdr_p; -+ - type = elf_uval(elf, shdr, sh_type); - if ( (type == SHT_STRTAB) || (type == SHT_SYMTAB) ) - { -@@ -235,8 +244,16 @@ do { \ - elf_hdr_elm(elf, shdr, sh_offset, maxva - symtab_addr); - maxva = ELF_OBSOLETE_VOIDP_CAST elf_round_up(elf, (unsigned long)maxva + sz); - } -- shdr = ELF_MAKE_HANDLE(elf_shdr, ELF_HANDLE_PTRVAL(shdr) + -- (unsigned long)elf_uval(elf, elf->ehdr, e_shentsize)); -+ old_shdr_p = ELF_HANDLE_PTRVAL(shdr); -+ new_shdr_p = old_shdr_p + elf_uval(elf, elf->ehdr, e_shentsize); -+ if ( new_shdr_p <= old_shdr_p ) /* wrapped or stuck */ -+ { -+ elf_mark_broken(elf, "bad section header length"); -+ break; -+ } -+ if ( !elf_access_ok(elf, new_shdr_p, 1) ) /* outside image */ -+ break; -+ shdr = ELF_MAKE_HANDLE(elf_shdr, new_shdr_p); - } - - /* Write down the actual sym size. */ -@@ -256,6 +273,9 @@ void elf_parse_binary(struct elf_binary *elf) - for ( i = 0; i < count; i++ ) - { - phdr = elf_phdr_by_index(elf, i); -+ if ( !elf_access_ok(elf, ELF_HANDLE_PTRVAL(phdr), 1) ) -+ /* input has an insane program header count field */ -+ break; - if ( !elf_phdr_is_loadable(elf, phdr) ) - continue; - paddr = elf_uval(elf, phdr, p_paddr); -@@ -278,11 +298,20 @@ elf_errorstatus elf_load_binary(struct elf_binary *elf) - ELF_HANDLE_DECL(elf_phdr) phdr; - uint64_t i, count, paddr, offset, filesz, memsz; - ELF_PTRVAL_VOID dest; -+ /* -+ * Let bizarre ELFs write the output image up to twice; this -+ * calculation is just to ensure our copying loop is no worse than -+ * O(domain_size). -+ */ -+ uint64_t remain_allow_copy = (uint64_t)elf->dest_size * 2; - - count = elf_uval(elf, elf->ehdr, e_phnum); - for ( i = 0; i < count; i++ ) - { - phdr = elf_phdr_by_index(elf, i); -+ if ( !elf_access_ok(elf, ELF_HANDLE_PTRVAL(phdr), 1) ) -+ /* input has an insane program header count field */ -+ break; - if ( !elf_phdr_is_loadable(elf, phdr) ) - continue; - paddr = elf_uval(elf, phdr, p_paddr); -@@ -290,6 +319,20 @@ elf_errorstatus elf_load_binary(struct elf_binary *elf) - filesz = elf_uval(elf, phdr, p_filesz); - memsz = elf_uval(elf, phdr, p_memsz); - dest = elf_get_ptr(elf, paddr); -+ -+ /* -+ * We need to check that the input image doesn't have us copy -+ * the whole image zillions of times, as that could lead to -+ * O(n^2) time behaviour and possible DoS by a malicous ELF. -+ */ -+ if ( remain_allow_copy < memsz ) -+ { -+ elf_mark_broken(elf, "program segments total to more" -+ " than the input image size"); -+ break; -+ } -+ remain_allow_copy -= memsz; -+ - elf_msg(elf, "%s: phdr %" PRIu64 " at 0x%"ELF_PRPTRVAL" -> 0x%"ELF_PRPTRVAL"\n", - __func__, i, dest, (ELF_PTRVAL_VOID)(dest + filesz)); - if ( elf_load_image(elf, dest, ELF_IMAGE_BASE(elf) + offset, filesz, memsz) != 0 ) -diff --git a/xen/common/libelf/libelf-tools.c b/xen/common/libelf/libelf-tools.c -index 46d4ab1..4a83133 100644 ---- a/xen/common/libelf/libelf-tools.c -+++ b/xen/common/libelf/libelf-tools.c -@@ -131,7 +131,16 @@ uint64_t elf_round_up(struct elf_binary *elf, uint64_t addr) - - unsigned elf_shdr_count(struct elf_binary *elf) - { -- return elf_uval(elf, elf->ehdr, e_shnum); -+ unsigned count = elf_uval(elf, elf->ehdr, e_shnum); -+ uint64_t max = elf->size / sizeof(Elf32_Shdr); -+ if (max > ~(unsigned)0) -+ max = ~(unsigned)0; /* Xen doesn't have limits.h :-/ */ -+ if (count > max) -+ { -+ elf_mark_broken(elf, "far too many section headers"); -+ count = max; -+ } -+ return count; - } - - unsigned elf_phdr_count(struct elf_binary *elf) -@@ -149,6 +158,9 @@ ELF_HANDLE_DECL(elf_shdr) elf_shdr_by_name(struct elf_binary *elf, const char *n - for ( i = 0; i < count; i++ ) - { - shdr = elf_shdr_by_index(elf, i); -+ if ( !elf_access_ok(elf, ELF_HANDLE_PTRVAL(shdr), 1) ) -+ /* input has an insane section header count field */ -+ break; - sname = elf_section_name(elf, shdr); - if ( sname && !strcmp(sname, name) ) - return shdr; -@@ -204,6 +216,11 @@ const char *elf_strval(struct elf_binary *elf, elf_ptrval start) - if ( !elf_access_unsigned(elf, start, length, 1) ) - /* ok */ - return ELF_UNSAFE_PTR(start); -+ if ( length >= ELF_MAX_STRING_LENGTH ) -+ { -+ elf_mark_broken(elf, "excessively long string"); -+ return NULL; -+ } - } - } - -@@ -327,7 +344,14 @@ ELF_HANDLE_DECL(elf_note) elf_note_next(struct elf_binary *elf, ELF_HANDLE_DECL( - unsigned namesz = (elf_uval(elf, note, namesz) + 3) & ~3; - unsigned descsz = (elf_uval(elf, note, descsz) + 3) & ~3; - -- return ELF_MAKE_HANDLE(elf_note, ELF_HANDLE_PTRVAL(note) + elf_size(elf, note) + namesz + descsz); -+ elf_ptrval ptrval = ELF_HANDLE_PTRVAL(note) -+ + elf_size(elf, note) + namesz + descsz; -+ -+ if ( ( ptrval <= ELF_HANDLE_PTRVAL(note) || /* wrapped or stuck */ -+ !elf_access_ok(elf, ELF_HANDLE_PTRVAL(note), 1) ) ) -+ ptrval = ELF_MAX_PTRVAL; /* terminate caller's loop */ -+ -+ return ELF_MAKE_HANDLE(elf_note, ptrval); - } - - /* ------------------------------------------------------------------------ */ -diff --git a/xen/include/xen/libelf.h b/xen/include/xen/libelf.h -index 87e126a..f95fe88 100644 ---- a/xen/include/xen/libelf.h -+++ b/xen/include/xen/libelf.h -@@ -51,6 +51,9 @@ typedef void elf_log_callback(struct elf_binary*, void *caller_data, - - #endif - -+#define ELF_MAX_STRING_LENGTH 4096 -+#define ELF_MAX_TOTAL_NOTE_COUNT 65536 -+ - /* ------------------------------------------------------------------------ */ - - /* Macros for accessing the input image and output area. */ -@@ -353,6 +356,16 @@ ELF_PTRVAL_CONST_VOID elf_note_desc(struct elf_binary *elf, ELF_HANDLE_DECL(elf_ - uint64_t elf_note_numeric(struct elf_binary *elf, ELF_HANDLE_DECL(elf_note) note); - uint64_t elf_note_numeric_array(struct elf_binary *, ELF_HANDLE_DECL(elf_note), - unsigned int unitsz, unsigned int idx); -+ -+/* -+ * If you use elf_note_next in a loop, you must put a nontrivial upper -+ * bound on the returned value as part of your loop condition. In -+ * some cases elf_note_next will substitute ELF_PTRVAL_MAX as return -+ * value to indicate that the iteration isn't going well (for example, -+ * the putative "next" value would be earlier in memory). In this -+ * case the caller's loop must terminate. Checking against the -+ * end of the notes segment with a strict inequality is sufficient. -+ */ - ELF_HANDLE_DECL(elf_note) elf_note_next(struct elf_binary *elf, ELF_HANDLE_DECL(elf_note) note); - - /* (Only) checks that the image has the right magic number. */ --- -1.7.2.5 - diff --git a/app-emulation/xen-pvgrub/files/xen-4.2-CVE-2013-17-XSA-55.patch b/app-emulation/xen-pvgrub/files/xen-4.2-CVE-2013-17-XSA-55.patch deleted file mode 100644 index 4369599742c3..000000000000 --- a/app-emulation/xen-pvgrub/files/xen-4.2-CVE-2013-17-XSA-55.patch +++ /dev/null @@ -1,406 +0,0 @@ -From 3baaa4ffcd3e7dd6227f9bdf817f90e5b75aeda2 Mon Sep 17 00:00:00 2001 -From: Ian Jackson <ian.jackson@eu.citrix.com> -Date: Fri, 14 Jun 2013 16:43:19 +0100 -Subject: [PATCH 17/23] libelf: abolish obsolete macros - -Abolish ELF_PTRVAL_[CONST_]{CHAR,VOID}; change uses to elf_ptrval. -Abolish ELF_HANDLE_DECL_NONCONST; change uses to ELF_HANDLE_DECL. -Abolish ELF_OBSOLETE_VOIDP_CAST; simply remove all uses. - -No functional change. (Verified by diffing assembler output.) - -Signed-off-by: Ian Jackson <ian.jackson@eu.citrix.com> -Acked-by: Ian Campbell <ian.campbell@citrix.com> - -v2: New patch. ---- - tools/libxc/xc_dom_elfloader.c | 8 +++--- - tools/xcutils/readnotes.c | 2 +- - xen/common/libelf/libelf-dominfo.c | 6 ++-- - xen/common/libelf/libelf-loader.c | 24 +++++++++--------- - xen/common/libelf/libelf-tools.c | 24 +++++++++--------- - xen/include/xen/libelf.h | 48 +++++++++--------------------------- - 6 files changed, 44 insertions(+), 68 deletions(-) - -diff --git a/tools/libxc/xc_dom_elfloader.c b/tools/libxc/xc_dom_elfloader.c -index c5014d2..9fc4b94 100644 ---- a/tools/libxc/xc_dom_elfloader.c -+++ b/tools/libxc/xc_dom_elfloader.c -@@ -116,9 +116,9 @@ static elf_errorstatus xc_dom_load_elf_symtab(struct xc_dom_image *dom, - struct elf_binary *elf, bool load) - { - struct elf_binary syms; -- ELF_HANDLE_DECL_NONCONST(elf_shdr) shdr; ELF_HANDLE_DECL(elf_shdr) shdr2; -+ ELF_HANDLE_DECL(elf_shdr) shdr; ELF_HANDLE_DECL(elf_shdr) shdr2; - xen_vaddr_t symtab, maxaddr; -- ELF_PTRVAL_CHAR hdr; -+ elf_ptrval hdr; - size_t size; - unsigned h, count, type, i, tables = 0; - unsigned long *strtab_referenced = NULL; -@@ -242,7 +242,7 @@ static elf_errorstatus xc_dom_load_elf_symtab(struct xc_dom_image *dom, - - for ( h = 0; h < count; h++ ) - { -- shdr = ELF_OBSOLETE_VOIDP_CAST elf_shdr_by_index(&syms, h); -+ shdr = elf_shdr_by_index(&syms, h); - if ( !elf_access_ok(elf, ELF_HANDLE_PTRVAL(shdr), 1) ) - /* input has an insane section header count field */ - break; -@@ -278,7 +278,7 @@ static elf_errorstatus xc_dom_load_elf_symtab(struct xc_dom_image *dom, - if ( load ) - { - shdr2 = elf_shdr_by_index(elf, h); -- elf_memcpy_safe(elf, ELF_OBSOLETE_VOIDP_CAST elf_section_start(&syms, shdr), -+ elf_memcpy_safe(elf, elf_section_start(&syms, shdr), - elf_section_start(elf, shdr2), - size); - } -diff --git a/tools/xcutils/readnotes.c b/tools/xcutils/readnotes.c -index 2ca7732..5fa445e 100644 ---- a/tools/xcutils/readnotes.c -+++ b/tools/xcutils/readnotes.c -@@ -80,7 +80,7 @@ static void print_l1_mfn_valid_note(const char *prefix, struct elf_binary *elf, - ELF_HANDLE_DECL(elf_note) note) - { - unsigned descsz = elf_uval(elf, note, descsz); -- ELF_PTRVAL_CONST_VOID desc = elf_note_desc(elf, note); -+ elf_ptrval desc = elf_note_desc(elf, note); - - /* XXX should be able to cope with a list of values. */ - switch ( descsz / 2 ) -diff --git a/xen/common/libelf/libelf-dominfo.c b/xen/common/libelf/libelf-dominfo.c -index 25a10d7..412ea70 100644 ---- a/xen/common/libelf/libelf-dominfo.c -+++ b/xen/common/libelf/libelf-dominfo.c -@@ -220,8 +220,8 @@ elf_errorstatus elf_xen_parse_note(struct elf_binary *elf, - - static unsigned elf_xen_parse_notes(struct elf_binary *elf, - struct elf_dom_parms *parms, -- ELF_PTRVAL_CONST_VOID start, -- ELF_PTRVAL_CONST_VOID end, -+ elf_ptrval start, -+ elf_ptrval end, - unsigned *total_note_count) - { - unsigned xen_elfnotes = 0; -@@ -258,7 +258,7 @@ static unsigned elf_xen_parse_notes(struct elf_binary *elf, - elf_errorstatus elf_xen_parse_guest_info(struct elf_binary *elf, - struct elf_dom_parms *parms) - { -- ELF_PTRVAL_CONST_CHAR h; -+ elf_ptrval h; - unsigned char name[32], value[128]; - unsigned len; - -diff --git a/xen/common/libelf/libelf-loader.c b/xen/common/libelf/libelf-loader.c -index 06799af..e2e75af 100644 ---- a/xen/common/libelf/libelf-loader.c -+++ b/xen/common/libelf/libelf-loader.c -@@ -118,7 +118,7 @@ void elf_set_log(struct elf_binary *elf, elf_log_callback *log_callback, - } - - static elf_errorstatus elf_load_image(struct elf_binary *elf, -- ELF_PTRVAL_VOID dst, ELF_PTRVAL_CONST_VOID src, -+ elf_ptrval dst, elf_ptrval src, - uint64_t filesz, uint64_t memsz) - { - elf_memcpy_safe(elf, dst, src, filesz); -@@ -132,7 +132,7 @@ void elf_set_verbose(struct elf_binary *elf) - elf->verbose = 1; - } - --static elf_errorstatus elf_load_image(struct elf_binary *elf, ELF_PTRVAL_VOID dst, ELF_PTRVAL_CONST_VOID src, uint64_t filesz, uint64_t memsz) -+static elf_errorstatus elf_load_image(struct elf_binary *elf, elf_ptrval dst, elf_ptrval src, uint64_t filesz, uint64_t memsz) - { - elf_errorstatus rc; - if ( filesz > ULONG_MAX || memsz > ULONG_MAX ) -@@ -187,12 +187,12 @@ void elf_parse_bsdsyms(struct elf_binary *elf, uint64_t pstart) - - static void elf_load_bsdsyms(struct elf_binary *elf) - { -- ELF_HANDLE_DECL_NONCONST(elf_ehdr) sym_ehdr; -+ ELF_HANDLE_DECL(elf_ehdr) sym_ehdr; - unsigned long sz; -- ELF_PTRVAL_VOID maxva; -- ELF_PTRVAL_VOID symbase; -- ELF_PTRVAL_VOID symtab_addr; -- ELF_HANDLE_DECL_NONCONST(elf_shdr) shdr; -+ elf_ptrval maxva; -+ elf_ptrval symbase; -+ elf_ptrval symtab_addr; -+ ELF_HANDLE_DECL(elf_shdr) shdr; - unsigned i, type; - - if ( !elf->bsd_symtab_pstart ) -@@ -226,7 +226,7 @@ do { \ - elf_memcpy_safe(elf, ELF_HANDLE_PTRVAL(shdr), - ELF_IMAGE_BASE(elf) + elf_uval(elf, elf->ehdr, e_shoff), - sz); -- maxva = ELF_OBSOLETE_VOIDP_CAST elf_round_up(elf, (unsigned long)maxva + sz); -+ maxva = elf_round_up(elf, (unsigned long)maxva + sz); - - for ( i = 0; i < elf_shdr_count(elf); i++ ) - { -@@ -242,7 +242,7 @@ do { \ - elf_memcpy_safe(elf, maxva, elf_section_start(elf, shdr), sz); - /* Mangled to be based on ELF header location. */ - elf_hdr_elm(elf, shdr, sh_offset, maxva - symtab_addr); -- maxva = ELF_OBSOLETE_VOIDP_CAST elf_round_up(elf, (unsigned long)maxva + sz); -+ maxva = elf_round_up(elf, (unsigned long)maxva + sz); - } - old_shdr_p = ELF_HANDLE_PTRVAL(shdr); - new_shdr_p = old_shdr_p + elf_uval(elf, elf->ehdr, e_shentsize); -@@ -297,7 +297,7 @@ elf_errorstatus elf_load_binary(struct elf_binary *elf) - { - ELF_HANDLE_DECL(elf_phdr) phdr; - uint64_t i, count, paddr, offset, filesz, memsz; -- ELF_PTRVAL_VOID dest; -+ elf_ptrval dest; - /* - * Let bizarre ELFs write the output image up to twice; this - * calculation is just to ensure our copying loop is no worse than -@@ -334,7 +334,7 @@ elf_errorstatus elf_load_binary(struct elf_binary *elf) - remain_allow_copy -= memsz; - - elf_msg(elf, "%s: phdr %" PRIu64 " at 0x%"ELF_PRPTRVAL" -> 0x%"ELF_PRPTRVAL"\n", -- __func__, i, dest, (ELF_PTRVAL_VOID)(dest + filesz)); -+ __func__, i, dest, (elf_ptrval)(dest + filesz)); - if ( elf_load_image(elf, dest, ELF_IMAGE_BASE(elf) + offset, filesz, memsz) != 0 ) - return -1; - } -@@ -343,7 +343,7 @@ elf_errorstatus elf_load_binary(struct elf_binary *elf) - return 0; - } - --ELF_PTRVAL_VOID elf_get_ptr(struct elf_binary *elf, unsigned long addr) -+elf_ptrval elf_get_ptr(struct elf_binary *elf, unsigned long addr) - { - return ELF_REALPTR2PTRVAL(elf->dest_base) + addr - elf->pstart; - } -diff --git a/xen/common/libelf/libelf-tools.c b/xen/common/libelf/libelf-tools.c -index 4a83133..e202249 100644 ---- a/xen/common/libelf/libelf-tools.c -+++ b/xen/common/libelf/libelf-tools.c -@@ -171,7 +171,7 @@ ELF_HANDLE_DECL(elf_shdr) elf_shdr_by_name(struct elf_binary *elf, const char *n - ELF_HANDLE_DECL(elf_shdr) elf_shdr_by_index(struct elf_binary *elf, unsigned index) - { - uint64_t count = elf_shdr_count(elf); -- ELF_PTRVAL_CONST_VOID ptr; -+ elf_ptrval ptr; - - if ( index >= count ) - return ELF_INVALID_HANDLE(elf_shdr); -@@ -185,7 +185,7 @@ ELF_HANDLE_DECL(elf_shdr) elf_shdr_by_index(struct elf_binary *elf, unsigned ind - ELF_HANDLE_DECL(elf_phdr) elf_phdr_by_index(struct elf_binary *elf, unsigned index) - { - uint64_t count = elf_uval(elf, elf->ehdr, e_phnum); -- ELF_PTRVAL_CONST_VOID ptr; -+ elf_ptrval ptr; - - if ( index >= count ) - return ELF_INVALID_HANDLE(elf_phdr); -@@ -233,24 +233,24 @@ const char *elf_strfmt(struct elf_binary *elf, elf_ptrval start) - return str; - } - --ELF_PTRVAL_CONST_VOID elf_section_start(struct elf_binary *elf, ELF_HANDLE_DECL(elf_shdr) shdr) -+elf_ptrval elf_section_start(struct elf_binary *elf, ELF_HANDLE_DECL(elf_shdr) shdr) - { - return ELF_IMAGE_BASE(elf) + elf_uval(elf, shdr, sh_offset); - } - --ELF_PTRVAL_CONST_VOID elf_section_end(struct elf_binary *elf, ELF_HANDLE_DECL(elf_shdr) shdr) -+elf_ptrval elf_section_end(struct elf_binary *elf, ELF_HANDLE_DECL(elf_shdr) shdr) - { - return ELF_IMAGE_BASE(elf) - + elf_uval(elf, shdr, sh_offset) + elf_uval(elf, shdr, sh_size); - } - --ELF_PTRVAL_CONST_VOID elf_segment_start(struct elf_binary *elf, ELF_HANDLE_DECL(elf_phdr) phdr) -+elf_ptrval elf_segment_start(struct elf_binary *elf, ELF_HANDLE_DECL(elf_phdr) phdr) - { - return ELF_IMAGE_BASE(elf) - + elf_uval(elf, phdr, p_offset); - } - --ELF_PTRVAL_CONST_VOID elf_segment_end(struct elf_binary *elf, ELF_HANDLE_DECL(elf_phdr) phdr) -+elf_ptrval elf_segment_end(struct elf_binary *elf, ELF_HANDLE_DECL(elf_phdr) phdr) - { - return ELF_IMAGE_BASE(elf) - + elf_uval(elf, phdr, p_offset) + elf_uval(elf, phdr, p_filesz); -@@ -258,8 +258,8 @@ ELF_PTRVAL_CONST_VOID elf_segment_end(struct elf_binary *elf, ELF_HANDLE_DECL(el - - ELF_HANDLE_DECL(elf_sym) elf_sym_by_name(struct elf_binary *elf, const char *symbol) - { -- ELF_PTRVAL_CONST_VOID ptr = elf_section_start(elf, elf->sym_tab); -- ELF_PTRVAL_CONST_VOID end = elf_section_end(elf, elf->sym_tab); -+ elf_ptrval ptr = elf_section_start(elf, elf->sym_tab); -+ elf_ptrval end = elf_section_end(elf, elf->sym_tab); - ELF_HANDLE_DECL(elf_sym) sym; - uint64_t info, name; - const char *sym_name; -@@ -283,7 +283,7 @@ ELF_HANDLE_DECL(elf_sym) elf_sym_by_name(struct elf_binary *elf, const char *sym - - ELF_HANDLE_DECL(elf_sym) elf_sym_by_index(struct elf_binary *elf, unsigned index) - { -- ELF_PTRVAL_CONST_VOID ptr = elf_section_start(elf, elf->sym_tab); -+ elf_ptrval ptr = elf_section_start(elf, elf->sym_tab); - ELF_HANDLE_DECL(elf_sym) sym; - - sym = ELF_MAKE_HANDLE(elf_sym, ptr + index * elf_size(elf, sym)); -@@ -295,7 +295,7 @@ const char *elf_note_name(struct elf_binary *elf, ELF_HANDLE_DECL(elf_note) note - return elf_strval(elf, ELF_HANDLE_PTRVAL(note) + elf_size(elf, note)); - } - --ELF_PTRVAL_CONST_VOID elf_note_desc(struct elf_binary *elf, ELF_HANDLE_DECL(elf_note) note) -+elf_ptrval elf_note_desc(struct elf_binary *elf, ELF_HANDLE_DECL(elf_note) note) - { - unsigned namesz = (elf_uval(elf, note, namesz) + 3) & ~3; - -@@ -304,7 +304,7 @@ ELF_PTRVAL_CONST_VOID elf_note_desc(struct elf_binary *elf, ELF_HANDLE_DECL(elf_ - - uint64_t elf_note_numeric(struct elf_binary *elf, ELF_HANDLE_DECL(elf_note) note) - { -- ELF_PTRVAL_CONST_VOID desc = elf_note_desc(elf, note); -+ elf_ptrval desc = elf_note_desc(elf, note); - unsigned descsz = elf_uval(elf, note, descsz); - - switch (descsz) -@@ -322,7 +322,7 @@ uint64_t elf_note_numeric(struct elf_binary *elf, ELF_HANDLE_DECL(elf_note) note - uint64_t elf_note_numeric_array(struct elf_binary *elf, ELF_HANDLE_DECL(elf_note) note, - unsigned int unitsz, unsigned int idx) - { -- ELF_PTRVAL_CONST_VOID desc = elf_note_desc(elf, note); -+ elf_ptrval desc = elf_note_desc(elf, note); - unsigned descsz = elf_uval(elf, note, descsz); - - if ( descsz % unitsz || idx >= descsz / unitsz ) -diff --git a/xen/include/xen/libelf.h b/xen/include/xen/libelf.h -index f95fe88..174f8da 100644 ---- a/xen/include/xen/libelf.h -+++ b/xen/include/xen/libelf.h -@@ -61,13 +61,8 @@ typedef void elf_log_callback(struct elf_binary*, void *caller_data, - /* - * We abstract away the pointerness of these pointers, replacing - * various void*, char* and struct* with the following: -- * PTRVAL A pointer to a byte; one can do pointer arithmetic -+ * elf_ptrval A pointer to a byte; one can do pointer arithmetic - * on this. -- * This replaces variables which were char*,void* -- * and their const versions, so we provide four -- * different obsolete declaration macros: -- * ELF_PTRVAL_{,CONST}{VOID,CHAR} -- * New code can simply use the elf_ptrval typedef. - * HANDLE A pointer to a struct. There is one of these types - * for each pointer type - that is, for each "structname". - * In the arguments to the various HANDLE macros, structname -@@ -76,8 +71,6 @@ typedef void elf_log_callback(struct elf_binary*, void *caller_data, - * pointers. In the current code attempts to do so will - * compile, but in the next patch this will become a - * compile error. -- * We also provide a second declaration macro for -- * pointers which were to const; this is obsolete. - */ - - typedef uintptr_t elf_ptrval; -@@ -85,15 +78,9 @@ typedef uintptr_t elf_ptrval; - #define ELF_REALPTR2PTRVAL(realpointer) ((elf_ptrval)(realpointer)) - /* Converts an actual C pointer into a PTRVAL */ - --#define ELF_HANDLE_DECL_NONCONST(structname) structname##_handle /*obsolete*/ - #define ELF_HANDLE_DECL(structname) structname##_handle - /* Provides a type declaration for a HANDLE. */ - --#define ELF_PTRVAL_VOID elf_ptrval /*obsolete*/ --#define ELF_PTRVAL_CHAR elf_ptrval /*obsolete*/ --#define ELF_PTRVAL_CONST_VOID elf_ptrval /*obsolete*/ --#define ELF_PTRVAL_CONST_CHAR elf_ptrval /*obsolete*/ -- - #ifdef __XEN__ - # define ELF_PRPTRVAL "lu" - /* -@@ -124,17 +111,6 @@ typedef uintptr_t elf_ptrval; - #define ELF_HANDLE_PTRVAL(handleval) ((handleval).ptrval) - /* Converts a HANDLE to a PTRVAL. */ - --#define ELF_OBSOLETE_VOIDP_CAST /*empty*/ -- /* -- * In some places the old code used to need to -- * - cast away const (the existing code uses const a fair -- * bit but actually sometimes wants to write to its input) -- * from a PTRVAL. -- * - convert an integer representing a pointer to a PTRVAL -- * Nowadays all of these re uintptr_ts so there is no const problem -- * and no need for any casting. -- */ -- - #define ELF_UNSAFE_PTR(ptrval) ((void*)(elf_ptrval)(ptrval)) - /* - * Turns a PTRVAL into an actual C pointer. Before this is done -@@ -212,7 +188,7 @@ struct elf_binary { - char data; - - ELF_HANDLE_DECL(elf_ehdr) ehdr; -- ELF_PTRVAL_CONST_CHAR sec_strtab; -+ elf_ptrval sec_strtab; - ELF_HANDLE_DECL(elf_shdr) sym_tab; - uint64_t sym_strtab; - -@@ -290,7 +266,7 @@ struct elf_binary { - * str should be a HANDLE. - */ - --uint64_t elf_access_unsigned(struct elf_binary *elf, ELF_PTRVAL_CONST_VOID ptr, -+uint64_t elf_access_unsigned(struct elf_binary *elf, elf_ptrval ptr, - uint64_t offset, size_t size); - /* Reads a field at arbitrary offset and alignemnt */ - -@@ -342,17 +318,17 @@ ELF_HANDLE_DECL(elf_shdr) elf_shdr_by_index(struct elf_binary *elf, unsigned ind - ELF_HANDLE_DECL(elf_phdr) elf_phdr_by_index(struct elf_binary *elf, unsigned index); - - const char *elf_section_name(struct elf_binary *elf, ELF_HANDLE_DECL(elf_shdr) shdr); /* might return NULL if inputs are invalid */ --ELF_PTRVAL_CONST_VOID elf_section_start(struct elf_binary *elf, ELF_HANDLE_DECL(elf_shdr) shdr); --ELF_PTRVAL_CONST_VOID elf_section_end(struct elf_binary *elf, ELF_HANDLE_DECL(elf_shdr) shdr); -+elf_ptrval elf_section_start(struct elf_binary *elf, ELF_HANDLE_DECL(elf_shdr) shdr); -+elf_ptrval elf_section_end(struct elf_binary *elf, ELF_HANDLE_DECL(elf_shdr) shdr); - --ELF_PTRVAL_CONST_VOID elf_segment_start(struct elf_binary *elf, ELF_HANDLE_DECL(elf_phdr) phdr); --ELF_PTRVAL_CONST_VOID elf_segment_end(struct elf_binary *elf, ELF_HANDLE_DECL(elf_phdr) phdr); -+elf_ptrval elf_segment_start(struct elf_binary *elf, ELF_HANDLE_DECL(elf_phdr) phdr); -+elf_ptrval elf_segment_end(struct elf_binary *elf, ELF_HANDLE_DECL(elf_phdr) phdr); - - ELF_HANDLE_DECL(elf_sym) elf_sym_by_name(struct elf_binary *elf, const char *symbol); - ELF_HANDLE_DECL(elf_sym) elf_sym_by_index(struct elf_binary *elf, unsigned index); - - const char *elf_note_name(struct elf_binary *elf, ELF_HANDLE_DECL(elf_note) note); /* may return NULL */ --ELF_PTRVAL_CONST_VOID elf_note_desc(struct elf_binary *elf, ELF_HANDLE_DECL(elf_note) note); -+elf_ptrval elf_note_desc(struct elf_binary *elf, ELF_HANDLE_DECL(elf_note) note); - uint64_t elf_note_numeric(struct elf_binary *elf, ELF_HANDLE_DECL(elf_note) note); - uint64_t elf_note_numeric_array(struct elf_binary *, ELF_HANDLE_DECL(elf_note), - unsigned int unitsz, unsigned int idx); -@@ -391,7 +367,7 @@ void elf_set_log(struct elf_binary *elf, elf_log_callback*, - void elf_parse_binary(struct elf_binary *elf); - elf_errorstatus elf_load_binary(struct elf_binary *elf); - --ELF_PTRVAL_VOID elf_get_ptr(struct elf_binary *elf, unsigned long addr); -+elf_ptrval elf_get_ptr(struct elf_binary *elf, unsigned long addr); - uint64_t elf_lookup_addr(struct elf_binary *elf, const char *symbol); - - void elf_parse_bsdsyms(struct elf_binary *elf, uint64_t pstart); /* private */ -@@ -426,9 +402,9 @@ struct xen_elfnote { - - struct elf_dom_parms { - /* raw */ -- ELF_PTRVAL_CONST_CHAR guest_info; -- ELF_PTRVAL_CONST_VOID elf_note_start; -- ELF_PTRVAL_CONST_VOID elf_note_end; -+ elf_ptrval guest_info; -+ elf_ptrval elf_note_start; -+ elf_ptrval elf_note_end; - struct xen_elfnote elf_notes[XEN_ELFNOTE_MAX + 1]; - - /* parsed */ --- -1.7.2.5 - diff --git a/app-emulation/xen-pvgrub/files/xen-4.2-CVE-2013-18to19-XSA-55.patch b/app-emulation/xen-pvgrub/files/xen-4.2-CVE-2013-18to19-XSA-55.patch deleted file mode 100644 index a275ed83bcf4..000000000000 --- a/app-emulation/xen-pvgrub/files/xen-4.2-CVE-2013-18to19-XSA-55.patch +++ /dev/null @@ -1,450 +0,0 @@ -From b06e277b1fc08c7da3befeb3ac3950e1d941585d Mon Sep 17 00:00:00 2001 -From: Ian Jackson <ian.jackson@eu.citrix.com> -Date: Fri, 14 Jun 2013 16:43:19 +0100 -Subject: [PATCH 18/23] libxc: Add range checking to xc_dom_binloader - -This is a simple binary image loader with its own metadata format. -However, it is too careless with image-supplied values. - -Add the following checks: - - * That the image is bigger than the metadata table; otherwise the - pointer arithmetic to calculate the metadata table location may - yield undefined and dangerous values. - - * When clamping the end of the region to search, that we do not - calculate pointers beyond the end of the image. The C - specification does not permit this and compilers are becoming ever - more determined to miscompile code when they can "prove" various - falsehoods based on assertions from the C spec. - - * That the supplied image is big enough for the text we are allegedly - copying from it. Otherwise we might have a read overrun and copy - the results (perhaps a lot of secret data) into the guest. - -This is part of the fix to a security issue, XSA-55. - -Signed-off-by: Ian Jackson <ian.jackson@eu.citrix.com> ---- - tools/libxc/xc_dom_binloader.c | 15 +++++++++++++-- - 1 files changed, 13 insertions(+), 2 deletions(-) - -diff --git a/tools/libxc/xc_dom_binloader.c b/tools/libxc/xc_dom_binloader.c -index bde93f7..8596a28 100644 ---- a/tools/libxc/xc_dom_binloader.c -+++ b/tools/libxc/xc_dom_binloader.c -@@ -123,10 +123,13 @@ static struct xen_bin_image_table *find_table(struct xc_dom_image *dom) - uint32_t *probe_ptr; - uint32_t *probe_end; - -+ if ( dom->kernel_size < sizeof(*table) ) -+ return NULL; - probe_ptr = dom->kernel_blob; -- probe_end = dom->kernel_blob + dom->kernel_size - sizeof(*table); -- if ( (void*)probe_end > (dom->kernel_blob + 8192) ) -+ if ( dom->kernel_size > (8192 + sizeof(*table)) ) - probe_end = dom->kernel_blob + 8192; -+ else -+ probe_end = dom->kernel_blob + dom->kernel_size - sizeof(*table); - - for ( table = NULL; probe_ptr < probe_end; probe_ptr++ ) - { -@@ -282,6 +285,14 @@ static int xc_dom_load_bin_kernel(struct xc_dom_image *dom) - return -EINVAL; - } - -+ if ( image_size < skip || -+ image_size - skip < text_size ) -+ { -+ DOMPRINTF("%s: image is too small for declared text size", -+ __FUNCTION__); -+ return -EINVAL; -+ } -+ - memcpy(dest, image + skip, text_size); - memset(dest + text_size, 0, bss_size); - --- -1.7.2.5 -#From 77c0829fa751f052f7b8ec08287aef6e7ba97bc5 Mon Sep 17 00:00:00 2001 -#From: Ian Jackson <ian.jackson@eu.citrix.com> -#Date: Fri, 14 Jun 2013 16:43:19 +0100 -#Subject: [PATCH 19/23] libxc: check failure of xc_dom_*_to_ptr, xc_map_foreign_range -# -#The return values from xc_dom_*_to_ptr and xc_map_foreign_range are -#sometimes dereferenced, or subjected to pointer arithmetic, without -#checking whether the relevant function failed and returned NULL. -# -#Add an appropriate error check at every call site. -# -#Changes in the 4.2 backport of this series: -#* Fix tools/libxc/xc_dom_x86.c:setup_pgtables_x86_32. -#* Fix tools/libxc/xc_dom_ia64.c:start_info_ia64. -#* Fix tools/libxc/ia64/xc_ia64_dom_fwloader.c:xc_dom_load_fw_kernel. -# -#This is part of the fix to a security issue, XSA-55. -# -#Signed-off-by: Ian Jackson <ian.jackson@eu.citrix.com> -#--- -# tools/libxc/ia64/xc_ia64_dom_fwloader.c | 2 + -# tools/libxc/xc_dom_binloader.c | 6 +++ -# tools/libxc/xc_dom_core.c | 6 +++ -# tools/libxc/xc_dom_elfloader.c | 13 +++++++ -# tools/libxc/xc_dom_ia64.c | 6 +++ -# tools/libxc/xc_dom_x86.c | 55 +++++++++++++++++++++++++++++++ -# tools/libxc/xc_domain_restore.c | 27 +++++++++++++++ -# tools/libxc/xc_offline_page.c | 5 +++ -# 8 files changed, 120 insertions(+), 0 deletions(-) -# -diff --git a/tools/libxc/ia64/xc_ia64_dom_fwloader.c b/tools/libxc/ia64/xc_ia64_dom_fwloader.c -index cdf3333..dbd3349 100644 ---- a/tools/libxc/ia64/xc_ia64_dom_fwloader.c -+++ b/tools/libxc/ia64/xc_ia64_dom_fwloader.c -@@ -60,6 +60,8 @@ static int xc_dom_load_fw_kernel(struct xc_dom_image *dom) - unsigned long i; - - dest = xc_dom_vaddr_to_ptr(dom, dom->kernel_seg.vstart); -+ if ( dest == NULL ) -+ return -1; - memcpy(dest, dom->kernel_blob, FW_SIZE); - - /* Synchronize cache. */ -diff --git a/tools/libxc/xc_dom_binloader.c b/tools/libxc/xc_dom_binloader.c -index 8596a28..553b366 100644 ---- a/tools/libxc/xc_dom_binloader.c -+++ b/tools/libxc/xc_dom_binloader.c -@@ -277,6 +277,12 @@ static int xc_dom_load_bin_kernel(struct xc_dom_image *dom) - DOMPRINTF(" bss_size: 0x%" PRIx32 "", bss_size); - - dest = xc_dom_vaddr_to_ptr(dom, dom->kernel_seg.vstart, &dest_size); -+ if ( dest == NULL ) -+ { -+ DOMPRINTF("%s: xc_dom_vaddr_to_ptr(dom, dom->kernel_seg.vstart)" -+ " => NULL", __FUNCTION__); -+ return -EINVAL; -+ } - - if ( dest_size < text_size || - dest_size - text_size < bss_size ) -diff --git a/tools/libxc/xc_dom_core.c b/tools/libxc/xc_dom_core.c -index 8913e41..a54ddae 100644 ---- a/tools/libxc/xc_dom_core.c -+++ b/tools/libxc/xc_dom_core.c -@@ -868,6 +868,12 @@ int xc_dom_build_image(struct xc_dom_image *dom) - ramdisklen) != 0 ) - goto err; - ramdiskmap = xc_dom_seg_to_ptr(dom, &dom->ramdisk_seg); -+ if ( ramdiskmap == NULL ) -+ { -+ DOMPRINTF("%s: xc_dom_seg_to_ptr(dom, &dom->ramdisk_seg) => NULL", -+ __FUNCTION__); -+ goto err; -+ } - if ( unziplen ) - { - if ( xc_dom_do_gunzip(dom->xch, -diff --git a/tools/libxc/xc_dom_elfloader.c b/tools/libxc/xc_dom_elfloader.c -index 9fc4b94..61b5798 100644 ---- a/tools/libxc/xc_dom_elfloader.c -+++ b/tools/libxc/xc_dom_elfloader.c -@@ -139,6 +139,12 @@ static elf_errorstatus xc_dom_load_elf_symtab(struct xc_dom_image *dom, - return 0; - size = dom->kernel_seg.vend - dom->bsd_symtab_start; - hdr_ptr = xc_dom_vaddr_to_ptr(dom, dom->bsd_symtab_start, &allow_size); -+ if ( hdr_ptr == NULL ) -+ { -+ DOMPRINTF("%s/load: xc_dom_vaddr_to_ptr(dom,dom->bsd_symtab_start" -+ " => NULL", __FUNCTION__); -+ return -1; -+ } - elf->caller_xdest_base = hdr_ptr; - elf->caller_xdest_size = allow_size; - hdr = ELF_REALPTR2PTRVAL(hdr_ptr); -@@ -384,7 +390,14 @@ static elf_errorstatus xc_dom_load_elf_kernel(struct xc_dom_image *dom) - xen_pfn_t pages; - - elf->dest_base = xc_dom_seg_to_ptr_pages(dom, &dom->kernel_seg, &pages); -+ if ( elf->dest_base == NULL ) -+ { -+ DOMPRINTF("%s: xc_dom_vaddr_to_ptr(dom,dom->kernel_seg)" -+ " => NULL", __FUNCTION__); -+ return -1; -+ } - elf->dest_size = pages * XC_DOM_PAGE_SIZE(dom); -+ - rc = elf_load_binary(elf); - if ( rc < 0 ) - { -diff --git a/tools/libxc/xc_dom_ia64.c b/tools/libxc/xc_dom_ia64.c -index dcd1523..7c0eff1 100644 ---- a/tools/libxc/xc_dom_ia64.c -+++ b/tools/libxc/xc_dom_ia64.c -@@ -60,6 +60,12 @@ int start_info_ia64(struct xc_dom_image *dom) - - DOMPRINTF_CALLED(dom->xch); - -+ if ( start_info == NULL ) -+ { -+ DOMPRINTF("%s: xc_dom_pfn_to_ptr failed on start_info", __FUNCTION__); -+ return -1; /* our caller throws away our return value :-/ */ -+ } -+ - memset(start_info, 0, sizeof(*start_info)); - sprintf(start_info->magic, dom->guest_type); - start_info->flags = dom->flags; -diff --git a/tools/libxc/xc_dom_x86.c b/tools/libxc/xc_dom_x86.c -index 0cf1687..75d6b83 100644 ---- a/tools/libxc/xc_dom_x86.c -+++ b/tools/libxc/xc_dom_x86.c -@@ -144,6 +144,9 @@ static int setup_pgtables_x86_32(struct xc_dom_image *dom) - xen_vaddr_t addr; - xen_pfn_t pgpfn; - -+ if ( l2tab == NULL ) -+ goto pfn_error; -+ - for ( addr = dom->parms.virt_base; addr < dom->virt_pgtab_end; - addr += PAGE_SIZE_X86 ) - { -@@ -151,6 +154,8 @@ static int setup_pgtables_x86_32(struct xc_dom_image *dom) - { - /* get L1 tab, make L2 entry */ - l1tab = xc_dom_pfn_to_ptr(dom, l1pfn, 1); -+ if ( l1tab == NULL ) -+ goto pfn_error; - l2off = l2_table_offset_i386(addr); - l2tab[l2off] = - pfn_to_paddr(xc_dom_p2m_guest(dom, l1pfn)) | L2_PROT; -@@ -169,6 +174,11 @@ static int setup_pgtables_x86_32(struct xc_dom_image *dom) - l1tab = NULL; - } - return 0; -+ -+pfn_error: -+ xc_dom_panic(dom->xch, XC_INTERNAL_ERROR, -+ "%s: xc_dom_pfn_to_ptr failed", __FUNCTION__); -+ return -EINVAL; - } - - /* -@@ -219,6 +229,12 @@ static xen_pfn_t move_l3_below_4G(struct xc_dom_image *dom, - goto out; - - l3tab = xc_dom_pfn_to_ptr(dom, l3pfn, 1); -+ if ( l3tab == NULL ) -+ { -+ DOMPRINTF("%s: xc_dom_pfn_to_ptr(dom, l3pfn, 1) => NULL", -+ __FUNCTION__); -+ return l3mfn; /* our one call site will call xc_dom_panic and fail */ -+ } - memset(l3tab, 0, XC_DOM_PAGE_SIZE(dom)); - - DOMPRINTF("%s: successfully relocated L3 below 4G. " -@@ -262,6 +278,8 @@ static int setup_pgtables_x86_32_pae(struct xc_dom_image *dom) - } - - l3tab = xc_dom_pfn_to_ptr(dom, l3pfn, 1); -+ if ( l3tab == NULL ) -+ goto pfn_error; - - for ( addr = dom->parms.virt_base; addr < dom->virt_pgtab_end; - addr += PAGE_SIZE_X86 ) -@@ -270,6 +288,8 @@ static int setup_pgtables_x86_32_pae(struct xc_dom_image *dom) - { - /* get L2 tab, make L3 entry */ - l2tab = xc_dom_pfn_to_ptr(dom, l2pfn, 1); -+ if ( l2tab == NULL ) -+ goto pfn_error; - l3off = l3_table_offset_pae(addr); - l3tab[l3off] = - pfn_to_paddr(xc_dom_p2m_guest(dom, l2pfn)) | L3_PROT; -@@ -280,6 +300,8 @@ static int setup_pgtables_x86_32_pae(struct xc_dom_image *dom) - { - /* get L1 tab, make L2 entry */ - l1tab = xc_dom_pfn_to_ptr(dom, l1pfn, 1); -+ if ( l1tab == NULL ) -+ goto pfn_error; - l2off = l2_table_offset_pae(addr); - l2tab[l2off] = - pfn_to_paddr(xc_dom_p2m_guest(dom, l1pfn)) | L2_PROT; -@@ -306,6 +328,11 @@ static int setup_pgtables_x86_32_pae(struct xc_dom_image *dom) - l3tab[3] = pfn_to_paddr(xc_dom_p2m_guest(dom, l2pfn)) | L3_PROT; - } - return 0; -+ -+pfn_error: -+ xc_dom_panic(dom->xch, XC_INTERNAL_ERROR, -+ "%s: xc_dom_pfn_to_ptr failed", __FUNCTION__); -+ return -EINVAL; - } - - #undef L1_PROT -@@ -344,6 +371,9 @@ static int setup_pgtables_x86_64(struct xc_dom_image *dom) - uint64_t addr; - xen_pfn_t pgpfn; - -+ if ( l4tab == NULL ) -+ goto pfn_error; -+ - for ( addr = dom->parms.virt_base; addr < dom->virt_pgtab_end; - addr += PAGE_SIZE_X86 ) - { -@@ -351,6 +381,8 @@ static int setup_pgtables_x86_64(struct xc_dom_image *dom) - { - /* get L3 tab, make L4 entry */ - l3tab = xc_dom_pfn_to_ptr(dom, l3pfn, 1); -+ if ( l3tab == NULL ) -+ goto pfn_error; - l4off = l4_table_offset_x86_64(addr); - l4tab[l4off] = - pfn_to_paddr(xc_dom_p2m_guest(dom, l3pfn)) | L4_PROT; -@@ -361,6 +393,8 @@ static int setup_pgtables_x86_64(struct xc_dom_image *dom) - { - /* get L2 tab, make L3 entry */ - l2tab = xc_dom_pfn_to_ptr(dom, l2pfn, 1); -+ if ( l2tab == NULL ) -+ goto pfn_error; - l3off = l3_table_offset_x86_64(addr); - l3tab[l3off] = - pfn_to_paddr(xc_dom_p2m_guest(dom, l2pfn)) | L3_PROT; -@@ -373,6 +407,8 @@ static int setup_pgtables_x86_64(struct xc_dom_image *dom) - { - /* get L1 tab, make L2 entry */ - l1tab = xc_dom_pfn_to_ptr(dom, l1pfn, 1); -+ if ( l1tab == NULL ) -+ goto pfn_error; - l2off = l2_table_offset_x86_64(addr); - l2tab[l2off] = - pfn_to_paddr(xc_dom_p2m_guest(dom, l1pfn)) | L2_PROT; -@@ -393,6 +429,11 @@ static int setup_pgtables_x86_64(struct xc_dom_image *dom) - l1tab = NULL; - } - return 0; -+ -+pfn_error: -+ xc_dom_panic(dom->xch, XC_INTERNAL_ERROR, -+ "%s: xc_dom_pfn_to_ptr failed", __FUNCTION__); -+ return -EINVAL; - } - - #undef L1_PROT -@@ -410,6 +451,8 @@ static int alloc_magic_pages(struct xc_dom_image *dom) - if ( xc_dom_alloc_segment(dom, &dom->p2m_seg, "phys2mach", 0, p2m_size) ) - return -1; - dom->p2m_guest = xc_dom_seg_to_ptr(dom, &dom->p2m_seg); -+ if ( dom->p2m_guest == NULL ) -+ return -1; - - /* allocate special pages */ - dom->start_info_pfn = xc_dom_alloc_page(dom, "start info"); -@@ -434,6 +477,12 @@ static int start_info_x86_32(struct xc_dom_image *dom) - - DOMPRINTF_CALLED(dom->xch); - -+ if ( start_info == NULL ) -+ { -+ DOMPRINTF("%s: xc_dom_pfn_to_ptr failed on start_info", __FUNCTION__); -+ return -1; /* our caller throws away our return value :-/ */ -+ } -+ - memset(start_info, 0, sizeof(*start_info)); - strncpy(start_info->magic, dom->guest_type, sizeof(start_info->magic)); - start_info->magic[sizeof(start_info->magic) - 1] = '\0'; -@@ -474,6 +523,12 @@ static int start_info_x86_64(struct xc_dom_image *dom) - - DOMPRINTF_CALLED(dom->xch); - -+ if ( start_info == NULL ) -+ { -+ DOMPRINTF("%s: xc_dom_pfn_to_ptr failed on start_info", __FUNCTION__); -+ return -1; /* our caller throws away our return value :-/ */ -+ } -+ - memset(start_info, 0, sizeof(*start_info)); - strncpy(start_info->magic, dom->guest_type, sizeof(start_info->magic)); - start_info->magic[sizeof(start_info->magic) - 1] = '\0'; -diff --git a/tools/libxc/xc_domain_restore.c b/tools/libxc/xc_domain_restore.c -index b4c0b10..3994f8f 100644 ---- a/tools/libxc/xc_domain_restore.c -+++ b/tools/libxc/xc_domain_restore.c -@@ -1556,6 +1556,12 @@ int xc_domain_restore(xc_interface *xch, int io_fd, uint32_t dom, - mfn = ctx->p2m[pfn]; - buf = xc_map_foreign_range(xch, dom, PAGE_SIZE, - PROT_READ | PROT_WRITE, mfn); -+ if ( buf == NULL ) -+ { -+ ERROR("xc_map_foreign_range for generation id" -+ " buffer failed"); -+ goto out; -+ } - - generationid = *(unsigned long long *)(buf + offset); - *(unsigned long long *)(buf + offset) = generationid + 1; -@@ -1713,6 +1719,11 @@ int xc_domain_restore(xc_interface *xch, int io_fd, uint32_t dom, - l3tab = (uint64_t *) - xc_map_foreign_range(xch, dom, PAGE_SIZE, - PROT_READ, ctx->p2m[i]); -+ if ( l3tab == NULL ) -+ { -+ PERROR("xc_map_foreign_range failed (for l3tab)"); -+ goto out; -+ } - - for ( j = 0; j < 4; j++ ) - l3ptes[j] = l3tab[j]; -@@ -1739,6 +1750,11 @@ int xc_domain_restore(xc_interface *xch, int io_fd, uint32_t dom, - l3tab = (uint64_t *) - xc_map_foreign_range(xch, dom, PAGE_SIZE, - PROT_READ | PROT_WRITE, ctx->p2m[i]); -+ if ( l3tab == NULL ) -+ { -+ PERROR("xc_map_foreign_range failed (for l3tab, 2nd)"); -+ goto out; -+ } - - for ( j = 0; j < 4; j++ ) - l3tab[j] = l3ptes[j]; -@@ -1909,6 +1925,12 @@ int xc_domain_restore(xc_interface *xch, int io_fd, uint32_t dom, - SET_FIELD(ctxt, user_regs.edx, mfn); - start_info = xc_map_foreign_range( - xch, dom, PAGE_SIZE, PROT_READ | PROT_WRITE, mfn); -+ if ( start_info == NULL ) -+ { -+ PERROR("xc_map_foreign_range failed (for start_info)"); -+ goto out; -+ } -+ - SET_FIELD(start_info, nr_pages, dinfo->p2m_size); - SET_FIELD(start_info, shared_info, shared_info_frame<<PAGE_SHIFT); - SET_FIELD(start_info, flags, 0); -@@ -2056,6 +2078,11 @@ int xc_domain_restore(xc_interface *xch, int io_fd, uint32_t dom, - /* Restore contents of shared-info page. No checking needed. */ - new_shared_info = xc_map_foreign_range( - xch, dom, PAGE_SIZE, PROT_WRITE, shared_info_frame); -+ if ( new_shared_info == NULL ) -+ { -+ PERROR("xc_map_foreign_range failed (for new_shared_info)"); -+ goto out; -+ } - - /* restore saved vcpu_info and arch specific info */ - MEMCPY_FIELD(new_shared_info, old_shared_info, vcpu_info); -diff --git a/tools/libxc/xc_offline_page.c b/tools/libxc/xc_offline_page.c -index 089a361..36b9812 100644 ---- a/tools/libxc/xc_offline_page.c -+++ b/tools/libxc/xc_offline_page.c -@@ -714,6 +714,11 @@ int xc_exchange_page(xc_interface *xch, int domid, xen_pfn_t mfn) - - new_p = xc_map_foreign_range(xch, domid, PAGE_SIZE, - PROT_READ|PROT_WRITE, new_mfn); -+ if ( new_p == NULL ) -+ { -+ ERROR("failed to map new_p for copy, guest may be broken?"); -+ goto failed; -+ } - memcpy(new_p, backup, PAGE_SIZE); - munmap(new_p, PAGE_SIZE); - mops.arg1.mfn = new_mfn; --- -1.7.2.5 - diff --git a/app-emulation/xen-pvgrub/files/xen-4.2-CVE-2013-2-XSA-55.patch b/app-emulation/xen-pvgrub/files/xen-4.2-CVE-2013-2-XSA-55.patch deleted file mode 100644 index c26605ff4499..000000000000 --- a/app-emulation/xen-pvgrub/files/xen-4.2-CVE-2013-2-XSA-55.patch +++ /dev/null @@ -1,56 +0,0 @@ -From a672da4b2d58ef12be9d7407160e9fb43cac75d9 Mon Sep 17 00:00:00 2001 -From: Ian Jackson <ian.jackson@eu.citrix.com> -Date: Fri, 14 Jun 2013 16:43:16 +0100 -Subject: [PATCH 02/23] libxc: introduce xc_dom_seg_to_ptr_pages - -Provide a version of xc_dom_seg_to_ptr which returns the number of -guest pages it has actually mapped. This is useful for callers who -want to do range checking; we will use this later in this series. - -This is part of the fix to a security issue, XSA-55. - -Signed-off-by: Ian Jackson <ian.jackson@eu.citrix.com> -Acked-by: Ian Campbell <ian.campbell@citrix.com> -Reviewed-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com> ---- - tools/libxc/xc_dom.h | 19 ++++++++++++++++--- - 1 files changed, 16 insertions(+), 3 deletions(-) - -diff --git a/tools/libxc/xc_dom.h b/tools/libxc/xc_dom.h -index 6a72aa9..9af2195 100644 ---- a/tools/libxc/xc_dom.h -+++ b/tools/libxc/xc_dom.h -@@ -278,14 +278,27 @@ void *xc_dom_pfn_to_ptr(struct xc_dom_image *dom, xen_pfn_t first, - void xc_dom_unmap_one(struct xc_dom_image *dom, xen_pfn_t pfn); - void xc_dom_unmap_all(struct xc_dom_image *dom); - --static inline void *xc_dom_seg_to_ptr(struct xc_dom_image *dom, -- struct xc_dom_seg *seg) -+static inline void *xc_dom_seg_to_ptr_pages(struct xc_dom_image *dom, -+ struct xc_dom_seg *seg, -+ xen_pfn_t *pages_out) - { - xen_vaddr_t segsize = seg->vend - seg->vstart; - unsigned int page_size = XC_DOM_PAGE_SIZE(dom); - xen_pfn_t pages = (segsize + page_size - 1) / page_size; -+ void *retval; -+ -+ retval = xc_dom_pfn_to_ptr(dom, seg->pfn, pages); -+ -+ *pages_out = retval ? pages : 0; -+ return retval; -+} -+ -+static inline void *xc_dom_seg_to_ptr(struct xc_dom_image *dom, -+ struct xc_dom_seg *seg) -+{ -+ xen_pfn_t dummy; - -- return xc_dom_pfn_to_ptr(dom, seg->pfn, pages); -+ return xc_dom_seg_to_ptr_pages(dom, seg, &dummy); - } - - static inline void *xc_dom_vaddr_to_ptr(struct xc_dom_image *dom, --- -1.7.2.5 - diff --git a/app-emulation/xen-pvgrub/files/xen-4.2-CVE-2013-20to23-XSA-55.patch b/app-emulation/xen-pvgrub/files/xen-4.2-CVE-2013-20to23-XSA-55.patch deleted file mode 100644 index b4c6dcad2961..000000000000 --- a/app-emulation/xen-pvgrub/files/xen-4.2-CVE-2013-20to23-XSA-55.patch +++ /dev/null @@ -1,381 +0,0 @@ -From 8dc90d163650ce8aa36ae0b46debab83cc61edb6 Mon Sep 17 00:00:00 2001 -From: Ian Jackson <ian.jackson@eu.citrix.com> -Date: Fri, 14 Jun 2013 16:43:19 +0100 -Subject: [PATCH 20/23] libxc: check return values from malloc - -A sufficiently malformed input to libxc (such as a malformed input ELF -or other guest-controlled data) might cause one of libxc's malloc() to -fail. In this case we need to make sure we don't dereference or do -pointer arithmetic on the result. - -Search for all occurrences of \b(m|c|re)alloc in libxc, and all -functions which call them, and add appropriate error checking where -missing. - -This includes the functions xc_dom_malloc*, which now print a message -when they fail so that callers don't have to do so. - -The function xc_cpuid_to_str wasn't provided with a sane return value -and has a pretty strange API, which now becomes a little stranger. -There are no in-tree callers. - -Changes in the Xen 4.2 version of this series: -* No need to fix code relating to ARM. -* No need to fix code relating to superpage support. -* Additionally fix `dom->p2m_host = xc_dom_malloc...' in xc_dom_ia64.c. - -This is part of the fix to a security issue, XSA-55. - -Signed-off-by: Ian Jackson <ian.jackson@eu.citrix.com> ---- - tools/libxc/xc_cpuid_x86.c | 20 ++++++++++++++++++-- - tools/libxc/xc_dom_core.c | 13 +++++++++++++ - tools/libxc/xc_dom_elfloader.c | 2 ++ - tools/libxc/xc_dom_ia64.c | 6 ++++++ - tools/libxc/xc_dom_x86.c | 3 +++ - tools/libxc/xc_domain_restore.c | 5 +++++ - tools/libxc/xc_linux_osdep.c | 4 ++++ - tools/libxc/xc_private.c | 2 ++ - tools/libxc/xenctrl.h | 2 +- - 9 files changed, 54 insertions(+), 3 deletions(-) - -diff --git a/tools/libxc/xc_cpuid_x86.c b/tools/libxc/xc_cpuid_x86.c -index 0882ce6..da435ce 100644 ---- a/tools/libxc/xc_cpuid_x86.c -+++ b/tools/libxc/xc_cpuid_x86.c -@@ -589,6 +589,8 @@ static int xc_cpuid_do_domctl( - static char *alloc_str(void) - { - char *s = malloc(33); -+ if ( s == NULL ) -+ return s; - memset(s, 0, 33); - return s; - } -@@ -600,6 +602,8 @@ void xc_cpuid_to_str(const unsigned int *regs, char **strs) - for ( i = 0; i < 4; i++ ) - { - strs[i] = alloc_str(); -+ if ( strs[i] == NULL ) -+ continue; - for ( j = 0; j < 32; j++ ) - strs[i][j] = !!((regs[i] & (1U << (31 - j)))) ? '1' : '0'; - } -@@ -680,7 +684,7 @@ int xc_cpuid_check( - const char **config, - char **config_transformed) - { -- int i, j; -+ int i, j, rc; - unsigned int regs[4]; - - memset(config_transformed, 0, 4 * sizeof(*config_transformed)); -@@ -692,6 +696,11 @@ int xc_cpuid_check( - if ( config[i] == NULL ) - continue; - config_transformed[i] = alloc_str(); -+ if ( config_transformed[i] == NULL ) -+ { -+ rc = -ENOMEM; -+ goto fail_rc; -+ } - for ( j = 0; j < 32; j++ ) - { - unsigned char val = !!((regs[i] & (1U << (31 - j)))); -@@ -708,12 +717,14 @@ int xc_cpuid_check( - return 0; - - fail: -+ rc = -EPERM; -+ fail_rc: - for ( i = 0; i < 4; i++ ) - { - free(config_transformed[i]); - config_transformed[i] = NULL; - } -- return -EPERM; -+ return rc; - } - - /* -@@ -758,6 +769,11 @@ int xc_cpuid_set( - } - - config_transformed[i] = alloc_str(); -+ if ( config_transformed[i] == NULL ) -+ { -+ rc = -ENOMEM; -+ goto fail; -+ } - - for ( j = 0; j < 32; j++ ) - { -diff --git a/tools/libxc/xc_dom_core.c b/tools/libxc/xc_dom_core.c -index a54ddae..3cbf9f7 100644 ---- a/tools/libxc/xc_dom_core.c -+++ b/tools/libxc/xc_dom_core.c -@@ -120,9 +120,17 @@ void *xc_dom_malloc(struct xc_dom_image *dom, size_t size) - { - struct xc_dom_mem *block; - -+ if ( size > SIZE_MAX - sizeof(*block) ) -+ { -+ DOMPRINTF("%s: unreasonable allocation size", __FUNCTION__); -+ return NULL; -+ } - block = malloc(sizeof(*block) + size); - if ( block == NULL ) -+ { -+ DOMPRINTF("%s: allocation failed", __FUNCTION__); - return NULL; -+ } - memset(block, 0, sizeof(*block) + size); - block->next = dom->memblocks; - dom->memblocks = block; -@@ -138,7 +146,10 @@ void *xc_dom_malloc_page_aligned(struct xc_dom_image *dom, size_t size) - - block = malloc(sizeof(*block)); - if ( block == NULL ) -+ { -+ DOMPRINTF("%s: allocation failed", __FUNCTION__); - return NULL; -+ } - memset(block, 0, sizeof(*block)); - block->mmap_len = size; - block->mmap_ptr = mmap(NULL, block->mmap_len, -@@ -146,6 +157,7 @@ void *xc_dom_malloc_page_aligned(struct xc_dom_image *dom, size_t size) - -1, 0); - if ( block->mmap_ptr == MAP_FAILED ) - { -+ DOMPRINTF("%s: mmap failed", __FUNCTION__); - free(block); - return NULL; - } -@@ -202,6 +214,7 @@ void *xc_dom_malloc_filemap(struct xc_dom_image *dom, - close(fd); - if ( block != NULL ) - free(block); -+ DOMPRINTF("%s: failed (on file `%s')", __FUNCTION__, filename); - return NULL; - } - -diff --git a/tools/libxc/xc_dom_elfloader.c b/tools/libxc/xc_dom_elfloader.c -index 61b5798..be58276 100644 ---- a/tools/libxc/xc_dom_elfloader.c -+++ b/tools/libxc/xc_dom_elfloader.c -@@ -329,6 +329,8 @@ static elf_errorstatus xc_dom_parse_elf_kernel(struct xc_dom_image *dom) - return rc; - - elf = xc_dom_malloc(dom, sizeof(*elf)); -+ if ( elf == NULL ) -+ return -1; - dom->private_loader = elf; - rc = elf_init(elf, dom->kernel_blob, dom->kernel_size); - xc_elf_set_logfile(dom->xch, elf, 1); -diff --git a/tools/libxc/xc_dom_ia64.c b/tools/libxc/xc_dom_ia64.c -index 7c0eff1..076821c 100644 ---- a/tools/libxc/xc_dom_ia64.c -+++ b/tools/libxc/xc_dom_ia64.c -@@ -188,6 +188,12 @@ int arch_setup_meminit(struct xc_dom_image *dom) - - /* setup initial p2m */ - dom->p2m_host = xc_dom_malloc(dom, sizeof(xen_pfn_t) * nbr); -+ if ( dom->p2m_host == NULL ) -+ { -+ DOMPRINTF("%s: xc_dom_malloc failed for p2m_host", -+ __FUNCTION__); -+ return -1; -+ } - for ( pfn = 0; pfn < nbr; pfn++ ) - dom->p2m_host[pfn] = start + pfn; - -diff --git a/tools/libxc/xc_dom_x86.c b/tools/libxc/xc_dom_x86.c -index 75d6b83..448d9a1 100644 ---- a/tools/libxc/xc_dom_x86.c -+++ b/tools/libxc/xc_dom_x86.c -@@ -780,6 +780,9 @@ int arch_setup_meminit(struct xc_dom_image *dom) - } - - dom->p2m_host = xc_dom_malloc(dom, sizeof(xen_pfn_t) * dom->total_pages); -+ if ( dom->p2m_host == NULL ) -+ return -EINVAL; -+ - if ( dom->superpages ) - { - int count = dom->total_pages >> SUPERPAGE_PFN_SHIFT; -diff --git a/tools/libxc/xc_domain_restore.c b/tools/libxc/xc_domain_restore.c -index 3994f8f..f9ed6b2 100644 ---- a/tools/libxc/xc_domain_restore.c -+++ b/tools/libxc/xc_domain_restore.c -@@ -1180,6 +1180,11 @@ static int apply_batch(xc_interface *xch, uint32_t dom, struct restore_ctx *ctx, - - /* Map relevant mfns */ - pfn_err = calloc(j, sizeof(*pfn_err)); -+ if ( pfn_err == NULL ) -+ { -+ PERROR("allocation for pfn_err failed"); -+ return -1; -+ } - region_base = xc_map_foreign_bulk( - xch, dom, PROT_WRITE, region_mfn, pfn_err, j); - -diff --git a/tools/libxc/xc_linux_osdep.c b/tools/libxc/xc_linux_osdep.c -index 787e742..98e041c 100644 ---- a/tools/libxc/xc_linux_osdep.c -+++ b/tools/libxc/xc_linux_osdep.c -@@ -378,6 +378,8 @@ static void *linux_privcmd_map_foreign_range(xc_interface *xch, xc_osdep_handle - - num = (size + XC_PAGE_SIZE - 1) >> XC_PAGE_SHIFT; - arr = calloc(num, sizeof(xen_pfn_t)); -+ if ( arr == NULL ) -+ return NULL; - - for ( i = 0; i < num; i++ ) - arr[i] = mfn + i; -@@ -402,6 +404,8 @@ static void *linux_privcmd_map_foreign_ranges(xc_interface *xch, xc_osdep_handle - num_per_entry = chunksize >> XC_PAGE_SHIFT; - num = num_per_entry * nentries; - arr = calloc(num, sizeof(xen_pfn_t)); -+ if ( arr == NULL ) -+ return NULL; - - for ( i = 0; i < nentries; i++ ) - for ( j = 0; j < num_per_entry; j++ ) -diff --git a/tools/libxc/xc_private.c b/tools/libxc/xc_private.c -index 3e03a91..848ceed 100644 ---- a/tools/libxc/xc_private.c -+++ b/tools/libxc/xc_private.c -@@ -771,6 +771,8 @@ const char *xc_strerror(xc_interface *xch, int errcode) - errbuf = pthread_getspecific(errbuf_pkey); - if (errbuf == NULL) { - errbuf = malloc(XS_BUFSIZE); -+ if ( errbuf == NULL ) -+ return "(failed to allocate errbuf)"; - pthread_setspecific(errbuf_pkey, errbuf); - } - -diff --git a/tools/libxc/xenctrl.h b/tools/libxc/xenctrl.h -index b7741ca..8952048 100644 ---- a/tools/libxc/xenctrl.h -+++ b/tools/libxc/xenctrl.h -@@ -1778,7 +1778,7 @@ int xc_cpuid_set(xc_interface *xch, - int xc_cpuid_apply_policy(xc_interface *xch, - domid_t domid); - void xc_cpuid_to_str(const unsigned int *regs, -- char **strs); -+ char **strs); /* some strs[] may be NULL if ENOMEM */ - int xc_mca_op(xc_interface *xch, struct xen_mc *mc); - #endif - --- -1.7.2.5 -#From 052a689aa526ca51fd70528d4b0f83dfb2de99c1 Mon Sep 17 00:00:00 2001 -#From: Ian Jackson <ian.jackson@eu.citrix.com> -#Date: Fri, 14 Jun 2013 16:43:19 +0100 -#Subject: [PATCH 21/23] libxc: range checks in xc_dom_p2m_host and _guest -# -#These functions take guest pfns and look them up in the p2m. They did -#no range checking. -# -#However, some callers, notably xc_dom_boot.c:setup_hypercall_page want -#to pass untrusted guest-supplied value(s). It is most convenient to -#detect this here and return INVALID_MFN. -# -#This is part of the fix to a security issue, XSA-55. -# -#Changes from Xen 4.2 version of this patch: -#* 4.2 lacks dom->rambase_pfn, so don't add/subtract/check it. -# -#Signed-off-by: Ian Jackson <ian.jackson@eu.citrix.com> -#--- -# tools/libxc/xc_dom.h | 4 ++++ -# 1 files changed, 4 insertions(+), 0 deletions(-) -# -diff --git a/tools/libxc/xc_dom.h b/tools/libxc/xc_dom.h -index 0161459..d801f66 100644 ---- a/tools/libxc/xc_dom.h -+++ b/tools/libxc/xc_dom.h -@@ -331,6 +331,8 @@ static inline xen_pfn_t xc_dom_p2m_host(struct xc_dom_image *dom, xen_pfn_t pfn) - { - if (dom->shadow_enabled) - return pfn; -+ if (pfn >= dom->total_pages) -+ return INVALID_MFN; - return dom->p2m_host[pfn]; - } - -@@ -339,6 +341,8 @@ static inline xen_pfn_t xc_dom_p2m_guest(struct xc_dom_image *dom, - { - if (xc_dom_feature_translated(dom)) - return pfn; -+ if (pfn >= dom->total_pages) -+ return INVALID_MFN; - return dom->p2m_host[pfn]; - } - --- -1.7.2.5 -#From 2a548e22915535ac13694eb38222903bca7245e3 Mon Sep 17 00:00:00 2001 -#From: Matthew Daley <mattjd@gmail.com> -#Date: Fri, 14 Jun 2013 16:43:19 +0100 -#Subject: [PATCH 22/23] libxc: check blob size before proceeding in xc_dom_check_gzip -# -#This is part of the fix to a security issue, XSA-55. -# -#Signed-off-by: Matthew Daley <mattjd@gmail.com> -#--- -# tools/libxc/xc_dom_core.c | 5 +++++ -# 1 files changed, 5 insertions(+), 0 deletions(-) -# -diff --git a/tools/libxc/xc_dom_core.c b/tools/libxc/xc_dom_core.c -index 3cbf9f7..f8d1b08 100644 ---- a/tools/libxc/xc_dom_core.c -+++ b/tools/libxc/xc_dom_core.c -@@ -284,6 +284,11 @@ size_t xc_dom_check_gzip(xc_interface *xch, void *blob, size_t ziplen) - unsigned char *gzlen; - size_t unziplen; - -+ if ( ziplen < 6 ) -+ /* Too small. We need (i.e. the subsequent code relies on) -+ * 2 bytes for the magic number plus 4 bytes length. */ -+ return 0; -+ - if ( strncmp(blob, "\037\213", 2) ) - /* not gzipped */ - return 0; --- -1.7.2.5 -#From d21d36e84354c04638b60a739a5f7c3d9f8adaf8 Mon Sep 17 00:00:00 2001 -#From: Ian Jackson <ian.jackson@eu.citrix.com> -#Date: Fri, 14 Jun 2013 16:43:19 +0100 -#Subject: [PATCH 23/23] libxc: Better range check in xc_dom_alloc_segment -# -#If seg->pfn is too large, the arithmetic in the range check might -#overflow, defeating the range check. -# -#This is part of the fix to a security issue, XSA-55. -# -#Signed-off-by: Ian Jackson <ian.jackson@eu.citrix.com> -#Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com> -#--- -# tools/libxc/xc_dom_core.c | 3 ++- -# 1 files changed, 2 insertions(+), 1 deletions(-) -# -diff --git a/tools/libxc/xc_dom_core.c b/tools/libxc/xc_dom_core.c -index f8d1b08..e79e38d 100644 ---- a/tools/libxc/xc_dom_core.c -+++ b/tools/libxc/xc_dom_core.c -@@ -509,7 +509,8 @@ int xc_dom_alloc_segment(struct xc_dom_image *dom, - seg->vstart = start; - seg->pfn = (seg->vstart - dom->parms.virt_base) / page_size; - -- if ( pages > dom->total_pages || /* double test avoids overflow probs */ -+ if ( pages > dom->total_pages || /* multiple test avoids overflow probs */ -+ seg->pfn > dom->total_pages || - pages > dom->total_pages - seg->pfn) - { - xc_dom_panic(dom->xch, XC_OUT_OF_MEMORY, --- -1.7.2.5 - - diff --git a/app-emulation/xen-pvgrub/files/xen-4.2-CVE-2013-3-XSA-55.patch b/app-emulation/xen-pvgrub/files/xen-4.2-CVE-2013-3-XSA-55.patch deleted file mode 100644 index 59303215e67e..000000000000 --- a/app-emulation/xen-pvgrub/files/xen-4.2-CVE-2013-3-XSA-55.patch +++ /dev/null @@ -1,156 +0,0 @@ -From 8c738fa5c1f3cfcd935b6191b3526f7ac8b2a5bd Mon Sep 17 00:00:00 2001 -From: Ian Jackson <ian.jackson@eu.citrix.com> -Date: Fri, 14 Jun 2013 16:43:16 +0100 -Subject: [PATCH 03/23] libxc: Fix range checking in xc_dom_pfn_to_ptr etc. - -* Ensure that xc_dom_pfn_to_ptr (when called with count==0) does not - return a previously-allocated block which is entirely before the - requested pfn (!) - -* Provide a version of xc_dom_pfn_to_ptr, xc_dom_pfn_to_ptr_retcount, - which provides the length of the mapped region via an out parameter. - -* Change xc_dom_vaddr_to_ptr to always provide the length of the - mapped region and change the call site in xc_dom_binloader.c to - check it. The call site in xc_dom_load_elf_symtab will be corrected - in a forthcoming patch, and for now ignores the returned length. - -This is part of the fix to a security issue, XSA-55. - -Signed-off-by: Ian Jackson <ian.jackson@eu.citrix.com> ---- - tools/libxc/xc_dom.h | 16 +++++++++++++--- - tools/libxc/xc_dom_binloader.c | 11 ++++++++++- - tools/libxc/xc_dom_core.c | 13 +++++++++++++ - tools/libxc/xc_dom_elfloader.c | 3 ++- - 4 files changed, 38 insertions(+), 5 deletions(-) - -diff --git a/tools/libxc/xc_dom.h b/tools/libxc/xc_dom.h -index 9af2195..9f8037e 100644 ---- a/tools/libxc/xc_dom.h -+++ b/tools/libxc/xc_dom.h -@@ -275,6 +275,8 @@ int xc_dom_alloc_segment(struct xc_dom_image *dom, - - void *xc_dom_pfn_to_ptr(struct xc_dom_image *dom, xen_pfn_t first, - xen_pfn_t count); -+void *xc_dom_pfn_to_ptr_retcount(struct xc_dom_image *dom, xen_pfn_t first, -+ xen_pfn_t count, xen_pfn_t *count_out); - void xc_dom_unmap_one(struct xc_dom_image *dom, xen_pfn_t pfn); - void xc_dom_unmap_all(struct xc_dom_image *dom); - -@@ -302,13 +304,21 @@ static inline void *xc_dom_seg_to_ptr(struct xc_dom_image *dom, - } - - static inline void *xc_dom_vaddr_to_ptr(struct xc_dom_image *dom, -- xen_vaddr_t vaddr) -+ xen_vaddr_t vaddr, -+ size_t *safe_region_out) - { - unsigned int page_size = XC_DOM_PAGE_SIZE(dom); - xen_pfn_t page = (vaddr - dom->parms.virt_base) / page_size; - unsigned int offset = (vaddr - dom->parms.virt_base) % page_size; -- void *ptr = xc_dom_pfn_to_ptr(dom, page, 0); -- return (ptr ? (ptr + offset) : NULL); -+ xen_pfn_t safe_region_count; -+ void *ptr; -+ -+ *safe_region_out = 0; -+ ptr = xc_dom_pfn_to_ptr_retcount(dom, page, 0, &safe_region_count); -+ if ( ptr == NULL ) -+ return ptr; -+ *safe_region_out = (safe_region_count << XC_DOM_PAGE_SHIFT(dom)) - offset; -+ return ptr; - } - - static inline int xc_dom_feature_translated(struct xc_dom_image *dom) -diff --git a/tools/libxc/xc_dom_binloader.c b/tools/libxc/xc_dom_binloader.c -index 769e97d..bde93f7 100644 ---- a/tools/libxc/xc_dom_binloader.c -+++ b/tools/libxc/xc_dom_binloader.c -@@ -249,6 +249,7 @@ static int xc_dom_load_bin_kernel(struct xc_dom_image *dom) - char *image = dom->kernel_blob; - char *dest; - size_t image_size = dom->kernel_size; -+ size_t dest_size; - uint32_t start_addr; - uint32_t load_end_addr; - uint32_t bss_end_addr; -@@ -272,7 +273,15 @@ static int xc_dom_load_bin_kernel(struct xc_dom_image *dom) - DOMPRINTF(" text_size: 0x%" PRIx32 "", text_size); - DOMPRINTF(" bss_size: 0x%" PRIx32 "", bss_size); - -- dest = xc_dom_vaddr_to_ptr(dom, dom->kernel_seg.vstart); -+ dest = xc_dom_vaddr_to_ptr(dom, dom->kernel_seg.vstart, &dest_size); -+ -+ if ( dest_size < text_size || -+ dest_size - text_size < bss_size ) -+ { -+ DOMPRINTF("%s: mapped region is too small for image", __FUNCTION__); -+ return -EINVAL; -+ } -+ - memcpy(dest, image + skip, text_size); - memset(dest + text_size, 0, bss_size); - -diff --git a/tools/libxc/xc_dom_core.c b/tools/libxc/xc_dom_core.c -index 2a01d7c..8913e41 100644 ---- a/tools/libxc/xc_dom_core.c -+++ b/tools/libxc/xc_dom_core.c -@@ -351,10 +351,19 @@ int xc_dom_try_gunzip(struct xc_dom_image *dom, void **blob, size_t * size) - void *xc_dom_pfn_to_ptr(struct xc_dom_image *dom, xen_pfn_t pfn, - xen_pfn_t count) - { -+ xen_pfn_t count_out_dummy; -+ return xc_dom_pfn_to_ptr_retcount(dom, pfn, count, &count_out_dummy); -+} -+ -+void *xc_dom_pfn_to_ptr_retcount(struct xc_dom_image *dom, xen_pfn_t pfn, -+ xen_pfn_t count, xen_pfn_t *count_out) -+{ - struct xc_dom_phys *phys; - unsigned int page_shift = XC_DOM_PAGE_SHIFT(dom); - char *mode = "unset"; - -+ *count_out = 0; -+ - if ( pfn > dom->total_pages || /* multiple checks to avoid overflows */ - count > dom->total_pages || - pfn > dom->total_pages - count ) -@@ -384,6 +393,7 @@ void *xc_dom_pfn_to_ptr(struct xc_dom_image *dom, xen_pfn_t pfn, - phys->count); - return NULL; - } -+ *count_out = count; - } - else - { -@@ -391,6 +401,9 @@ void *xc_dom_pfn_to_ptr(struct xc_dom_image *dom, xen_pfn_t pfn, - just hand out a pointer to it */ - if ( pfn < phys->first ) - continue; -+ if ( pfn >= phys->first + phys->count ) -+ continue; -+ *count_out = phys->count - (pfn - phys->first); - } - return phys->ptr + ((pfn - phys->first) << page_shift); - } -diff --git a/tools/libxc/xc_dom_elfloader.c b/tools/libxc/xc_dom_elfloader.c -index 2e69559..031b5b6 100644 ---- a/tools/libxc/xc_dom_elfloader.c -+++ b/tools/libxc/xc_dom_elfloader.c -@@ -130,10 +130,11 @@ static int xc_dom_load_elf_symtab(struct xc_dom_image *dom, - - if ( load ) - { -+ size_t allow_size; /* will be used in a forthcoming XSA-55 patch */ - if ( !dom->bsd_symtab_start ) - return 0; - size = dom->kernel_seg.vend - dom->bsd_symtab_start; -- hdr = xc_dom_vaddr_to_ptr(dom, dom->bsd_symtab_start); -+ hdr = xc_dom_vaddr_to_ptr(dom, dom->bsd_symtab_start, &allow_size); - *(int *)hdr = size - sizeof(int); - } - else --- -1.7.2.5 - diff --git a/app-emulation/xen-pvgrub/files/xen-4.2-CVE-2013-4-XSA-55.patch b/app-emulation/xen-pvgrub/files/xen-4.2-CVE-2013-4-XSA-55.patch deleted file mode 100644 index 6eb2bac5c0f6..000000000000 --- a/app-emulation/xen-pvgrub/files/xen-4.2-CVE-2013-4-XSA-55.patch +++ /dev/null @@ -1,55 +0,0 @@ -From 035634047d10c678cbb8801c4263747bdaf4e5b1 Mon Sep 17 00:00:00 2001 -From: Ian Jackson <ian.jackson@eu.citrix.com> -Date: Fri, 14 Jun 2013 16:43:16 +0100 -Subject: [PATCH 04/23] libelf: add `struct elf_binary*' parameter to elf_load_image - -The meat of this function is going to need a copy of the elf pointer, -in forthcoming patches. - -No functional change in this patch. - -This is part of the fix to a security issue, XSA-55. - -Signed-off-by: Ian Jackson <ian.jackson@eu.citrix.com> -Acked-by: Ian Campbell <ian.campbell@citrix.com> -Reviewed-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com> ---- - xen/common/libelf/libelf-loader.c | 8 +++++--- - 1 files changed, 5 insertions(+), 3 deletions(-) - -diff --git a/xen/common/libelf/libelf-loader.c b/xen/common/libelf/libelf-loader.c -index ab58b8b..0559d88 100644 ---- a/xen/common/libelf/libelf-loader.c -+++ b/xen/common/libelf/libelf-loader.c -@@ -108,7 +108,8 @@ void elf_set_log(struct elf_binary *elf, elf_log_callback *log_callback, - elf->verbose = verbose; - } - --static int elf_load_image(void *dst, const void *src, uint64_t filesz, uint64_t memsz) -+static int elf_load_image(struct elf_binary *elf, -+ void *dst, const void *src, uint64_t filesz, uint64_t memsz) - { - memcpy(dst, src, filesz); - memset(dst + filesz, 0, memsz - filesz); -@@ -122,7 +123,8 @@ void elf_set_verbose(struct elf_binary *elf) - elf->verbose = 1; - } - --static int elf_load_image(void *dst, const void *src, uint64_t filesz, uint64_t memsz) -+static int elf_load_image(struct elf_binary *elf, -+ void *dst, const void *src, uint64_t filesz, uint64_t memsz) - { - int rc; - if ( filesz > ULONG_MAX || memsz > ULONG_MAX ) -@@ -279,7 +281,7 @@ int elf_load_binary(struct elf_binary *elf) - dest = elf_get_ptr(elf, paddr); - elf_msg(elf, "%s: phdr %" PRIu64 " at 0x%p -> 0x%p\n", - __func__, i, dest, dest + filesz); -- if ( elf_load_image(dest, elf->image + offset, filesz, memsz) != 0 ) -+ if ( elf_load_image(elf, dest, elf->image + offset, filesz, memsz) != 0 ) - return -1; - } - --- -1.7.2.5 - diff --git a/app-emulation/xen-pvgrub/files/xen-4.2-CVE-2013-5to7-XSA-55.patch b/app-emulation/xen-pvgrub/files/xen-4.2-CVE-2013-5to7-XSA-55.patch deleted file mode 100644 index 6a3ecc08e90d..000000000000 --- a/app-emulation/xen-pvgrub/files/xen-4.2-CVE-2013-5to7-XSA-55.patch +++ /dev/null @@ -1,174 +0,0 @@ -From 83ec905922b496e1a5756e3a88405eb6c2c6ba88 Mon Sep 17 00:00:00 2001 -From: Ian Jackson <ian.jackson@eu.citrix.com> -Date: Fri, 14 Jun 2013 16:43:16 +0100 -Subject: [PATCH 05/23] libelf: abolish elf_sval and elf_access_signed - -These are not used anywhere. - -This is part of the fix to a security issue, XSA-55. - -Signed-off-by: Ian Jackson <ian.jackson@eu.citrix.com> -Acked-by: Ian Campbell <ian.campbell@citrix.com> ---- - xen/common/libelf/libelf-tools.c | 28 ---------------------------- - xen/include/xen/libelf.h | 11 ----------- - 2 files changed, 0 insertions(+), 39 deletions(-) - -diff --git a/xen/common/libelf/libelf-tools.c b/xen/common/libelf/libelf-tools.c -index cb97908..2f54142 100644 ---- a/xen/common/libelf/libelf-tools.c -+++ b/xen/common/libelf/libelf-tools.c -@@ -48,34 +48,6 @@ uint64_t elf_access_unsigned(struct elf_binary * elf, const void *ptr, - } - } - --int64_t elf_access_signed(struct elf_binary *elf, const void *ptr, -- uint64_t offset, size_t size) --{ -- int need_swap = elf_swap(elf); -- const int8_t *s8; -- const int16_t *s16; -- const int32_t *s32; -- const int64_t *s64; -- -- switch ( size ) -- { -- case 1: -- s8 = ptr + offset; -- return *s8; -- case 2: -- s16 = ptr + offset; -- return need_swap ? bswap_16(*s16) : *s16; -- case 4: -- s32 = ptr + offset; -- return need_swap ? bswap_32(*s32) : *s32; -- case 8: -- s64 = ptr + offset; -- return need_swap ? bswap_64(*s64) : *s64; -- default: -- return 0; -- } --} -- - uint64_t elf_round_up(struct elf_binary *elf, uint64_t addr) - { - int elf_round = (elf_64bit(elf) ? 8 : 4) - 1; -diff --git a/xen/include/xen/libelf.h b/xen/include/xen/libelf.h -index e8f6508..38e490c 100644 ---- a/xen/include/xen/libelf.h -+++ b/xen/include/xen/libelf.h -@@ -136,23 +136,12 @@ struct elf_binary { - offsetof(typeof(*(str)),e32.elem), \ - sizeof((str)->e32.elem))) - --#define elf_sval(elf, str, elem) \ -- ((ELFCLASS64 == (elf)->class) \ -- ? elf_access_signed((elf), (str), \ -- offsetof(typeof(*(str)),e64.elem), \ -- sizeof((str)->e64.elem)) \ -- : elf_access_signed((elf), (str), \ -- offsetof(typeof(*(str)),e32.elem), \ -- sizeof((str)->e32.elem))) -- - #define elf_size(elf, str) \ - ((ELFCLASS64 == (elf)->class) \ - ? sizeof((str)->e64) : sizeof((str)->e32)) - - uint64_t elf_access_unsigned(struct elf_binary *elf, const void *ptr, - uint64_t offset, size_t size); --int64_t elf_access_signed(struct elf_binary *elf, const void *ptr, -- uint64_t offset, size_t size); - - uint64_t elf_round_up(struct elf_binary *elf, uint64_t addr); - --- -1.7.2.5 -#From 682a04488e7b3bd6c3448ab60599566eb7c6177a Mon Sep 17 00:00:00 2001 -#From: Ian Jackson <ian.jackson@eu.citrix.com> -#Date: Fri, 14 Jun 2013 16:43:16 +0100 -#Subject: [PATCH 06/23] libelf: move include of <asm/guest_access.h> to top of file -# -#libelf-loader.c #includes <asm/guest_access.h>, when being compiled -#for Xen. Currently it does this in the middle of the file. -# -#Move this #include to the top of the file, before libelf-private.h. -#This is necessary because in forthcoming patches we will introduce -#private #defines of memcpy etc. which would interfere with definitions -#in headers #included from guest_access.h. -# -#No semantic or functional change in this patch. -# -#This is part of the fix to a security issue, XSA-55. -# -#Signed-off-by: Ian Jackson <ian.jackson@eu.citrix.com> -#Acked-by: Ian Campbell <ian.campbell@citrix.com> -#Reviewed-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com> -#--- -# xen/common/libelf/libelf-loader.c | 5 ++++- -# 1 files changed, 4 insertions(+), 1 deletions(-) -# -diff --git a/xen/common/libelf/libelf-loader.c b/xen/common/libelf/libelf-loader.c -index 0559d88..ec0706b 100644 ---- a/xen/common/libelf/libelf-loader.c -+++ b/xen/common/libelf/libelf-loader.c -@@ -16,6 +16,10 @@ - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA - */ - -+#ifdef __XEN__ -+#include <asm/guest_access.h> -+#endif -+ - #include "libelf-private.h" - - /* ------------------------------------------------------------------------ */ -@@ -116,7 +120,6 @@ static int elf_load_image(struct elf_binary *elf, - return 0; - } - #else --#include <asm/guest_access.h> - - void elf_set_verbose(struct elf_binary *elf) - { --- -1.7.2.5 -#From de9089b449d2508b1ba05590905c7ebaee00c8c4 Mon Sep 17 00:00:00 2001 -#From: Ian Jackson <ian.jackson@eu.citrix.com> -#Date: Fri, 14 Jun 2013 16:43:16 +0100 -#Subject: [PATCH 07/23] libelf/xc_dom_load_elf_symtab: Do not use "syms" uninitialised -# -#xc_dom_load_elf_symtab (with load==0) calls elf_round_up, but it -#mistakenly used the uninitialised variable "syms" when calculating -#dom->bsd_symtab_start. This should be a reference to "elf". -# -#This change might have the effect of rounding the value differently. -#Previously if the uninitialised value (a single byte on the stack) was -#ELFCLASS64 (ie, 2), the alignment would be to 8 bytes, otherwise to 4. -# -#However, the value is calculated from dom->kernel_seg.vend so this -#could only make a difference if that value wasn't already aligned to 8 -#bytes. -# -#This is part of the fix to a security issue, XSA-55. -# -#Signed-off-by: Ian Jackson <ian.jackson@eu.citrix.com> -#Acked-by: Ian Campbell <ian.campbell@citrix.com> -#--- -# tools/libxc/xc_dom_elfloader.c | 2 +- -# 1 files changed, 1 insertions(+), 1 deletions(-) -# -diff --git a/tools/libxc/xc_dom_elfloader.c b/tools/libxc/xc_dom_elfloader.c -index 031b5b6..e82f6e9 100644 ---- a/tools/libxc/xc_dom_elfloader.c -+++ b/tools/libxc/xc_dom_elfloader.c -@@ -144,7 +144,7 @@ static int xc_dom_load_elf_symtab(struct xc_dom_image *dom, - hdr = xc_dom_malloc(dom, size); - if ( hdr == NULL ) - return 0; -- dom->bsd_symtab_start = elf_round_up(&syms, dom->kernel_seg.vend); -+ dom->bsd_symtab_start = elf_round_up(elf, dom->kernel_seg.vend); - } - - memcpy(hdr + sizeof(int), --- -1.7.2.5 diff --git a/app-emulation/xen-pvgrub/files/xen-4.2-CVE-2013-9to10-XSA-55.patch b/app-emulation/xen-pvgrub/files/xen-4.2-CVE-2013-9to10-XSA-55.patch deleted file mode 100644 index 9ec5241bec8c..000000000000 --- a/app-emulation/xen-pvgrub/files/xen-4.2-CVE-2013-9to10-XSA-55.patch +++ /dev/null @@ -1,261 +0,0 @@ -From 59f66d58180832af6b99a9e4489031b5c2f627ab Mon Sep 17 00:00:00 2001 -From: Ian Jackson <ian.jackson@eu.citrix.com> -Date: Fri, 14 Jun 2013 16:43:17 +0100 -Subject: [PATCH 09/23] tools/xcutils/readnotes: adjust print_l1_mfn_valid_note - -Use the new PTRVAL macros and elf_access_unsigned in -print_l1_mfn_valid_note. - -No functional change unless the input is wrong, or we are reading a -file for a different endianness. - -Separated out from the previous patch because this change does produce -a difference in the generated code. - -This is part of the fix to a security issue, XSA-55. - -Signed-off-by: Ian Jackson <ian.jackson@eu.citrix.com> -Acked-by: Ian Campbell <ian.campbell@citrix.com> ---- - tools/xcutils/readnotes.c | 11 ++++++----- - 1 files changed, 6 insertions(+), 5 deletions(-) - -diff --git a/tools/xcutils/readnotes.c b/tools/xcutils/readnotes.c -index 2af047d..7ff2530 100644 ---- a/tools/xcutils/readnotes.c -+++ b/tools/xcutils/readnotes.c -@@ -77,22 +77,23 @@ static void print_numeric_note(const char *prefix, struct elf_binary *elf, - } - - static void print_l1_mfn_valid_note(const char *prefix, struct elf_binary *elf, -- const elf_note *note) -+ ELF_HANDLE_DECL(elf_note) note) - { - int descsz = elf_uval(elf, note, descsz); -- const uint32_t *desc32 = elf_note_desc(elf, note); -- const uint64_t *desc64 = elf_note_desc(elf, note); -+ ELF_PTRVAL_CONST_VOID desc = elf_note_desc(elf, note); - - /* XXX should be able to cope with a list of values. */ - switch ( descsz / 2 ) - { - case 8: - printf("%s: mask=%#"PRIx64" value=%#"PRIx64"\n", prefix, -- desc64[0], desc64[1]); -+ elf_access_unsigned(elf, desc, 0, 8), -+ elf_access_unsigned(elf, desc, 8, 8)); - break; - case 4: - printf("%s: mask=%#"PRIx32" value=%#"PRIx32"\n", prefix, -- desc32[0],desc32[1]); -+ (uint32_t)elf_access_unsigned(elf, desc, 0, 4), -+ (uint32_t)elf_access_unsigned(elf, desc, 4, 4)); - break; - } - --- -1.7.2.5 -#From db14d5bd9b6508adfcd2b910f454fae12fa4ba00 Mon Sep 17 00:00:00 2001 -#From: Ian Jackson <ian.jackson@eu.citrix.com> -#Date: Fri, 14 Jun 2013 16:43:17 +0100 -#Subject: [PATCH 10/23] libelf: check nul-terminated strings properly -# -#It is not safe to simply take pointers into the ELF and use them as C -#pointers. They might not be properly nul-terminated (and the pointers -#might be wild). -# -#So we are going to introduce a new function elf_strval for safely -#getting strings. This will check that the addresses are in range and -#that there is a proper nul-terminated string. Of course it might -#discover that there isn't. In that case, it will be made to fail. -#This means that elf_note_name might fail, too. -# -#For the benefit of call sites which are just going to pass the value -#to a printf-like function, we provide elf_strfmt which returns -#"(invalid)" on failure rather than NULL. -# -#In this patch we introduce dummy definitions of these functions. We -#introduce calls to elf_strval and elf_strfmt everywhere, and update -#all the call sites with appropriate error checking. -# -#There is not yet any semantic change, since before this patch all the -#places where we introduce elf_strval dereferenced the value anyway, so -#it mustn't have been NULL. -# -#In future patches, when elf_strval is made able return NULL, when it -#does so it will mark the elf "broken" so that an appropriate -#diagnostic can be printed. -# -#This is part of the fix to a security issue, XSA-55. -# -#Signed-off-by: Ian Jackson <ian.jackson@eu.citrix.com> -#Acked-by: Ian Campbell <ian.campbell@citrix.com> -#Reviewed-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com> -#--- -# tools/xcutils/readnotes.c | 11 ++++++++--- -# xen/common/libelf/libelf-dominfo.c | 13 ++++++++++--- -# xen/common/libelf/libelf-tools.c | 10 +++++++--- -# xen/include/xen/libelf.h | 7 +++++-- -# 4 files changed, 30 insertions(+), 11 deletions(-) -# -diff --git a/tools/xcutils/readnotes.c b/tools/xcutils/readnotes.c -index 7ff2530..cfae994 100644 ---- a/tools/xcutils/readnotes.c -+++ b/tools/xcutils/readnotes.c -@@ -63,7 +63,7 @@ struct setup_header { - static void print_string_note(const char *prefix, struct elf_binary *elf, - ELF_HANDLE_DECL(elf_note) note) - { -- printf("%s: %s\n", prefix, (char*)elf_note_desc(elf, note)); -+ printf("%s: %s\n", prefix, elf_strfmt(elf, elf_note_desc(elf, note))); - } - - static void print_numeric_note(const char *prefix, struct elf_binary *elf, -@@ -103,10 +103,14 @@ static int print_notes(struct elf_binary *elf, ELF_HANDLE_DECL(elf_note) start, - { - ELF_HANDLE_DECL(elf_note) note; - int notes_found = 0; -+ const char *this_note_name; - - for ( note = start; ELF_HANDLE_PTRVAL(note) < ELF_HANDLE_PTRVAL(end); note = elf_note_next(elf, note) ) - { -- if (0 != strcmp(elf_note_name(elf, note), "Xen")) -+ this_note_name = elf_note_name(elf, note); -+ if (NULL == this_note_name) -+ continue; -+ if (0 != strcmp(this_note_name, "Xen")) - continue; - - notes_found++; -@@ -294,7 +298,8 @@ int main(int argc, char **argv) - - shdr = elf_shdr_by_name(&elf, "__xen_guest"); - if (ELF_HANDLE_VALID(shdr)) -- printf("__xen_guest: %s\n", (char*)elf_section_start(&elf, shdr)); -+ printf("__xen_guest: %s\n", -+ elf_strfmt(&elf, elf_section_start(&elf, shdr))); - - return 0; - } -diff --git a/xen/common/libelf/libelf-dominfo.c b/xen/common/libelf/libelf-dominfo.c -index 7140d59..b217f8f 100644 ---- a/xen/common/libelf/libelf-dominfo.c -+++ b/xen/common/libelf/libelf-dominfo.c -@@ -137,7 +137,10 @@ int elf_xen_parse_note(struct elf_binary *elf, - - if ( note_desc[type].str ) - { -- str = elf_note_desc(elf, note); -+ str = elf_strval(elf, elf_note_desc(elf, note)); -+ if (str == NULL) -+ /* elf_strval will mark elf broken if it fails so no need to log */ -+ return 0; - elf_msg(elf, "%s: %s = \"%s\"\n", __FUNCTION__, - note_desc[type].name, str); - parms->elf_notes[type].type = XEN_ENT_STR; -@@ -220,6 +223,7 @@ static int elf_xen_parse_notes(struct elf_binary *elf, - { - int xen_elfnotes = 0; - ELF_HANDLE_DECL(elf_note) note; -+ const char *note_name; - - parms->elf_note_start = start; - parms->elf_note_end = end; -@@ -227,7 +231,10 @@ static int elf_xen_parse_notes(struct elf_binary *elf, - ELF_HANDLE_PTRVAL(note) < parms->elf_note_end; - note = elf_note_next(elf, note) ) - { -- if ( strcmp(elf_note_name(elf, note), "Xen") ) -+ note_name = elf_note_name(elf, note); -+ if ( note_name == NULL ) -+ continue; -+ if ( strcmp(note_name, "Xen") ) - continue; - if ( elf_xen_parse_note(elf, parms, note) ) - return -1; -@@ -541,7 +548,7 @@ int elf_xen_parse(struct elf_binary *elf, - parms->elf_note_start = ELF_INVALID_PTRVAL; - parms->elf_note_end = ELF_INVALID_PTRVAL; - elf_msg(elf, "%s: __xen_guest: \"%s\"\n", __FUNCTION__, -- parms->guest_info); -+ elf_strfmt(elf, parms->guest_info)); - elf_xen_parse_guest_info(elf, parms); - break; - } -diff --git a/xen/common/libelf/libelf-tools.c b/xen/common/libelf/libelf-tools.c -index f1fd886..3a0cde1 100644 ---- a/xen/common/libelf/libelf-tools.c -+++ b/xen/common/libelf/libelf-tools.c -@@ -119,7 +119,7 @@ const char *elf_section_name(struct elf_binary *elf, - if ( ELF_PTRVAL_INVALID(elf->sec_strtab) ) - return "unknown"; - -- return elf->sec_strtab + elf_uval(elf, shdr, sh_name); -+ return elf_strval(elf, elf->sec_strtab + elf_uval(elf, shdr, sh_name)); - } - - ELF_PTRVAL_CONST_VOID elf_section_start(struct elf_binary *elf, ELF_HANDLE_DECL(elf_shdr) shdr) -@@ -151,6 +151,7 @@ ELF_HANDLE_DECL(elf_sym) elf_sym_by_name(struct elf_binary *elf, const char *sym - ELF_PTRVAL_CONST_VOID end = elf_section_end(elf, elf->sym_tab); - ELF_HANDLE_DECL(elf_sym) sym; - uint64_t info, name; -+ const char *sym_name; - - for ( ; ptr < end; ptr += elf_size(elf, sym) ) - { -@@ -159,7 +160,10 @@ ELF_HANDLE_DECL(elf_sym) elf_sym_by_name(struct elf_binary *elf, const char *sym - name = elf_uval(elf, sym, st_name); - if ( ELF32_ST_BIND(info) != STB_GLOBAL ) - continue; -- if ( strcmp(elf->sym_strtab + name, symbol) ) -+ sym_name = elf_strval(elf, elf->sym_strtab + name); -+ if ( sym_name == NULL ) /* out of range, oops */ -+ return ELF_INVALID_HANDLE(elf_sym); -+ if ( strcmp(sym_name, symbol) ) - continue; - return sym; - } -@@ -177,7 +181,7 @@ ELF_HANDLE_DECL(elf_sym) elf_sym_by_index(struct elf_binary *elf, int index) - - const char *elf_note_name(struct elf_binary *elf, ELF_HANDLE_DECL(elf_note) note) - { -- return ELF_HANDLE_PTRVAL(note) + elf_size(elf, note); -+ return elf_strval(elf, ELF_HANDLE_PTRVAL(note) + elf_size(elf, note)); - } - - ELF_PTRVAL_CONST_VOID elf_note_desc(struct elf_binary *elf, ELF_HANDLE_DECL(elf_note) note) -diff --git a/xen/include/xen/libelf.h b/xen/include/xen/libelf.h -index cefd3d3..af5b5c5 100644 ---- a/xen/include/xen/libelf.h -+++ b/xen/include/xen/libelf.h -@@ -252,6 +252,9 @@ uint64_t elf_access_unsigned(struct elf_binary *elf, ELF_PTRVAL_CONST_VOID ptr, - uint64_t elf_round_up(struct elf_binary *elf, uint64_t addr); - - -+#define elf_strval(elf,x) ((const char*)(x)) /* may return NULL in the future */ -+#define elf_strfmt(elf,x) ((const char*)(x)) /* will return (invalid) instead */ -+ - #define elf_memcpy_safe(elf, dst, src, sz) memcpy((dst),(src),(sz)) - #define elf_memset_safe(elf, dst, c, sz) memset((dst),(c),(sz)) - /* -@@ -279,7 +282,7 @@ ELF_HANDLE_DECL(elf_shdr) elf_shdr_by_name(struct elf_binary *elf, const char *n - ELF_HANDLE_DECL(elf_shdr) elf_shdr_by_index(struct elf_binary *elf, int index); - ELF_HANDLE_DECL(elf_phdr) elf_phdr_by_index(struct elf_binary *elf, int index); - --const char *elf_section_name(struct elf_binary *elf, ELF_HANDLE_DECL(elf_shdr) shdr); -+const char *elf_section_name(struct elf_binary *elf, ELF_HANDLE_DECL(elf_shdr) shdr); /* might return NULL if inputs are invalid */ - ELF_PTRVAL_CONST_VOID elf_section_start(struct elf_binary *elf, ELF_HANDLE_DECL(elf_shdr) shdr); - ELF_PTRVAL_CONST_VOID elf_section_end(struct elf_binary *elf, ELF_HANDLE_DECL(elf_shdr) shdr); - -@@ -289,7 +292,7 @@ ELF_PTRVAL_CONST_VOID elf_segment_end(struct elf_binary *elf, ELF_HANDLE_DECL(el - ELF_HANDLE_DECL(elf_sym) elf_sym_by_name(struct elf_binary *elf, const char *symbol); - ELF_HANDLE_DECL(elf_sym) elf_sym_by_index(struct elf_binary *elf, int index); - --const char *elf_note_name(struct elf_binary *elf, ELF_HANDLE_DECL(elf_note) note); -+const char *elf_note_name(struct elf_binary *elf, ELF_HANDLE_DECL(elf_note) note); /* may return NULL */ - ELF_PTRVAL_CONST_VOID elf_note_desc(struct elf_binary *elf, ELF_HANDLE_DECL(elf_note) note); - uint64_t elf_note_numeric(struct elf_binary *elf, ELF_HANDLE_DECL(elf_note) note); - uint64_t elf_note_numeric_array(struct elf_binary *, ELF_HANDLE_DECL(elf_note), --- -1.7.2.5 - diff --git a/app-emulation/xen-pvgrub/xen-pvgrub-4.2.2-r1.ebuild b/app-emulation/xen-pvgrub/xen-pvgrub-4.2.2-r1.ebuild deleted file mode 100644 index 61ebab624565..000000000000 --- a/app-emulation/xen-pvgrub/xen-pvgrub-4.2.2-r1.ebuild +++ /dev/null @@ -1,155 +0,0 @@ -# Copyright 1999-2014 Gentoo Foundation -# Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvsroot/gentoo-x86/app-emulation/xen-pvgrub/xen-pvgrub-4.2.2-r1.ebuild,v 1.9 2014/01/01 11:47:20 tomwij Exp $ - -EAPI=4 -PYTHON_DEPEND="2:2.6" - -inherit flag-o-matic eutils multilib python toolchain-funcs - -XEN_EXTFILES_URL="http://xenbits.xensource.com/xen-extfiles" -LIBPCI_URL=ftp://atrey.karlin.mff.cuni.cz/pub/linux/pci -GRUB_URL=mirror://gnu-alpha/grub -XSAPATCHES="http://dev.gentoo.org/~idella4/" -SRC_URI=" - http://bits.xensource.com/oss-xen/release/${PV}/xen-${PV}.tar.gz - $GRUB_URL/grub-0.97.tar.gz - $XEN_EXTFILES_URL/zlib-1.2.3.tar.gz - $LIBPCI_URL/pciutils-2.2.9.tar.bz2 - $XEN_EXTFILES_URL/lwip-1.3.0.tar.gz - $XEN_EXTFILES_URL/newlib/newlib-1.16.0.tar.gz - $XSAPATCHES/patches/XSA-55patches.tar.gz - " - -S="${WORKDIR}/xen-${PV}" - -DESCRIPTION="allows to boot Xen domU kernels from a menu.lst laying inside guest filesystem" -HOMEPAGE="http://xen.org/" -LICENSE="GPL-2" -SLOT="0" -KEYWORDS="amd64 x86" -IUSE="custom-cflags" - -DEPEND="sys-devel/gettext" - -RDEPEND=">=app-emulation/xen-4.2.1" - -pkg_setup() { - python_set_active_version 2 - python_pkg_setup -} - -retar-externals() { - # Purely to unclutter src_prepare - local set="grub-0.97.tar.gz lwip-1.3.0.tar.gz newlib-1.16.0.tar.gz zlib-1.2.3.tar.gz" - - # epatch can't patch in $WORKDIR, requires a sed; Bug #455194. Patchable, but sed informative - sed -e s':AR=${AR-"ar rc"}:AR=${AR-"ar"}:' \ - -i "${WORKDIR}"/zlib-1.2.3/configure - sed -e 's:^AR=ar rc:AR=ar:' \ - -e s':$(AR) $@:$(AR) rc $@:' \ - -i "${WORKDIR}"/zlib-1.2.3/{Makefile,Makefile.in} - einfo "zlib Makefile edited" - - cd "${WORKDIR}" - tar czp zlib-1.2.3 -f zlib-1.2.3.tar.gz - tar czp grub-0.97 -f grub-0.97.tar.gz - tar czp lwip -f lwip-1.3.0.tar.gz - tar czp newlib-1.16.0 -f newlib-1.16.0.tar.gz - mv $set "${S}"/stubdom/ - einfo "tarballs moved to source" -} - -src_prepare() { - # if the user *really* wants to use their own custom-cflags, let them - if use custom-cflags; then - einfo "User wants their own CFLAGS - removing defaults" - # try and remove all the default custom-cflags - find "${S}" -name Makefile -o -name Rules.mk -o -name Config.mk -exec sed \ - -e 's/CFLAGS\(.*\)=\(.*\)-O3\(.*\)/CFLAGS\1=\2\3/' \ - -e 's/CFLAGS\(.*\)=\(.*\)-march=i686\(.*\)/CFLAGS\1=\2\3/' \ - -e 's/CFLAGS\(.*\)=\(.*\)-fomit-frame-pointer\(.*\)/CFLAGS\1=\2\3/' \ - -e 's/CFLAGS\(.*\)=\(.*\)-g3*\s\(.*\)/CFLAGS\1=\2 \3/' \ - -e 's/CFLAGS\(.*\)=\(.*\)-O2\(.*\)/CFLAGS\1=\2\3/' \ - -i {} \; - fi - - # Patch the unmergeable newlib, fix most of the leftover gcc QA issues - cp "${FILESDIR}"/newlib-implicits.patch stubdom || die - - # Patch stubdom/Makefile to patch insource newlib & prevent internal downloading - epatch "${FILESDIR}"/${PN/-pvgrub/}-4.2.1-externals.patch - - # Drop .config and Fix gcc-4.6 - epatch "${FILESDIR}"/${PN/-pvgrub/}-4-fix_dotconfig-gcc.patch - - # fix jobserver in Makefile - epatch "${FILESDIR}"/${PN}-4.2-jserver.patch - - # gcc warnings/QA fix - epatch "${FILESDIR}"/${PN}-4-qa.patch - - # Sec patch - epatch "${FILESDIR}"/${PN/-pvgrub/}-4-CVE-2012-6075-XSA-41.patch \ - "${FILESDIR}"/xen-4-CVE-2013-1922-XSA-48.patch \ - "${FILESDIR}"/xen-4-CVE-2013-1952-XSA-49.patch \ - "${FILESDIR}"/xen-4.2-CVE-2013-1-XSA-55.patch \ - "${FILESDIR}"/xen-4.2-CVE-2013-2-XSA-55.patch \ - "${FILESDIR}"/xen-4.2-CVE-2013-3-XSA-55.patch \ - "${FILESDIR}"/xen-4.2-CVE-2013-4-XSA-55.patch \ - "${FILESDIR}"/xen-4.2-CVE-2013-5to7-XSA-55.patch \ - "${WORKDIR}"/files/xen-4.2-CVE-2013-8-XSA-55.patch \ - "${FILESDIR}"/xen-4.2-CVE-2013-9to10-XSA-55.patch \ - "${WORKDIR}"/files/xen-4.2-CVE-2013-11-XSA-55.patch \ - "${FILESDIR}"/xen-4.2-CVE-2013-12to13-XSA-55.patch \ - "${FILESDIR}"/xen-4.2-CVE-2013-14-XSA-55.patch \ - "${WORKDIR}"/files/xen-4.2-CVE-2013-15-XSA-55.patch \ - "${FILESDIR}"/xen-4.2-CVE-2013-16-XSA-55.patch \ - "${FILESDIR}"/xen-4.2-CVE-2013-17-XSA-55.patch \ - "${FILESDIR}"/xen-4.2-CVE-2013-18to19-XSA-55.patch \ - "${FILESDIR}"/xen-4.2-CVE-2013-20to23-XSA-55.patch - - #Substitute for internal downloading. pciutils copied only due to the only .bz2 - cp "${DISTDIR}"/pciutils-2.2.9.tar.bz2 ./stubdom/ || die "pciutils not copied to stubdom" - retar-externals || die "re-tar procedure failed" -} - -src_compile() { - use custom-cflags || unset CFLAGS - if test-flag-CC -fno-strict-overflow; then - append-flags -fno-strict-overflow - fi - - emake CC="$(tc-getCC)" LD="$(tc-getLD)" AR="$(tc-getAR)" -C tools/include - - if use x86; then - emake CC="$(tc-getCC)" LD="$(tc-getLD)" AR="$(tc-getAR)" \ - XEN_TARGET_ARCH="x86_32" -C stubdom pv-grub - elif use amd64; then - emake CC="$(tc-getCC)" LD="$(tc-getLD)" AR="$(tc-getAR)" \ - XEN_TARGET_ARCH="x86_64" -C stubdom pv-grub - if use multilib; then - multilib_toolchain_setup x86 - emake CC="$(tc-getCC)" AR="$(tc-getAR)" \ - XEN_TARGET_ARCH="x86_32" -C stubdom pv-grub - fi - fi -} - -src_install() { - if use x86; then - emake XEN_TARGET_ARCH="x86_32" DESTDIR="${D}" -C stubdom install-grub - fi - if use amd64; then - emake XEN_TARGET_ARCH="x86_64" DESTDIR="${D}" -C stubdom install-grub - if use multilib; then - emake XEN_TARGET_ARCH="x86_32" DESTDIR="${D}" -C stubdom install-grub - fi - fi -} - -pkg_postinst() { - elog "Official Xen Guide and the offical wiki page:" - elog "http://www.gentoo.org/doc/en/xen-guide.xml" - elog "http://wiki.xen.org/wiki/Main_Page" -} diff --git a/app-emulation/xen-pvgrub/xen-pvgrub-4.2.3.ebuild b/app-emulation/xen-pvgrub/xen-pvgrub-4.2.3.ebuild deleted file mode 100644 index fb62ba20d04e..000000000000 --- a/app-emulation/xen-pvgrub/xen-pvgrub-4.2.3.ebuild +++ /dev/null @@ -1,158 +0,0 @@ -# Copyright 1999-2014 Gentoo Foundation -# Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvsroot/gentoo-x86/app-emulation/xen-pvgrub/xen-pvgrub-4.2.3.ebuild,v 1.3 2014/02/20 10:25:26 ago Exp $ - -EAPI=4 -PYTHON_DEPEND="2:2.6" - -inherit flag-o-matic eutils multilib python toolchain-funcs - -XEN_EXTFILES_URL="http://xenbits.xensource.com/xen-extfiles" -LIBPCI_URL=ftp://atrey.karlin.mff.cuni.cz/pub/linux/pci -GRUB_URL=mirror://gnu-alpha/grub - -UPSTREAM_VER=0 -GENTOO_VER= - -[[ -n ${UPSTREAM_VER} ]] && \ - UPSTREAM_PATCHSET_URI="http://dev.gentoo.org/~dlan/distfiles/${P/-pvgrub/}-upstream-patches-${UPSTREAM_VER}.tar.xz" -[[ -n ${GENTOO_VER} ]] && \ - GENTOO_PATCHSET_URI="http://dev.gentoo.org/~dlan/distfiles/${P/-pvgrub/}-gentoo-patches-${GENTOO_VER}.tar.xz" - -SRC_URI=" - http://bits.xensource.com/oss-xen/release/${PV}/xen-${PV}.tar.gz - $GRUB_URL/grub-0.97.tar.gz - $XEN_EXTFILES_URL/zlib-1.2.3.tar.gz - $LIBPCI_URL/pciutils-2.2.9.tar.bz2 - $XEN_EXTFILES_URL/lwip-1.3.0.tar.gz - $XEN_EXTFILES_URL/newlib/newlib-1.16.0.tar.gz - ${UPSTREAM_PATCHSET_URI} - ${GENTOO_PATCHSET_URI} - " - -S="${WORKDIR}/xen-${PV}" - -DESCRIPTION="allows to boot Xen domU kernels from a menu.lst laying inside guest filesystem" -HOMEPAGE="http://xen.org/" -LICENSE="GPL-2" -SLOT="0" -KEYWORDS="amd64 x86" -IUSE="custom-cflags" - -DEPEND="sys-devel/gettext" - -RDEPEND=">=app-emulation/xen-4.2.1" - -pkg_setup() { - python_set_active_version 2 - python_pkg_setup -} - -retar-externals() { - # Purely to unclutter src_prepare - local set="grub-0.97.tar.gz lwip-1.3.0.tar.gz newlib-1.16.0.tar.gz zlib-1.2.3.tar.gz" - - # epatch can't patch in $WORKDIR, requires a sed; Bug #455194. Patchable, but sed informative - sed -e s':AR=${AR-"ar rc"}:AR=${AR-"ar"}:' \ - -i "${WORKDIR}"/zlib-1.2.3/configure - sed -e 's:^AR=ar rc:AR=ar:' \ - -e s':$(AR) $@:$(AR) rc $@:' \ - -i "${WORKDIR}"/zlib-1.2.3/{Makefile,Makefile.in} - einfo "zlib Makefile edited" - - cd "${WORKDIR}" - tar czp zlib-1.2.3 -f zlib-1.2.3.tar.gz - tar czp grub-0.97 -f grub-0.97.tar.gz - tar czp lwip -f lwip-1.3.0.tar.gz - tar czp newlib-1.16.0 -f newlib-1.16.0.tar.gz - mv $set "${S}"/stubdom/ - einfo "tarballs moved to source" -} - -src_prepare() { - # Upstream's patchset - if [[ -n ${UPSTREAM_VER} ]]; then - EPATCH_SUFFIX="patch" \ - EPATCH_FORCE="yes" \ - epatch "${WORKDIR}"/patches-upstream - fi - - # Gentoo's patchset - if [[ -n ${GENTOO_VER} ]]; then - EPATCH_SUFFIX="patch" \ - EPATCH_FORCE="yes" \ - epatch "${WORKDIR}"/patches-gentoo - fi - - # if the user *really* wants to use their own custom-cflags, let them - if use custom-cflags; then - einfo "User wants their own CFLAGS - removing defaults" - # try and remove all the default custom-cflags - find "${S}" -name Makefile -o -name Rules.mk -o -name Config.mk -exec sed \ - -e 's/CFLAGS\(.*\)=\(.*\)-O3\(.*\)/CFLAGS\1=\2\3/' \ - -e 's/CFLAGS\(.*\)=\(.*\)-march=i686\(.*\)/CFLAGS\1=\2\3/' \ - -e 's/CFLAGS\(.*\)=\(.*\)-fomit-frame-pointer\(.*\)/CFLAGS\1=\2\3/' \ - -e 's/CFLAGS\(.*\)=\(.*\)-g3*\s\(.*\)/CFLAGS\1=\2 \3/' \ - -e 's/CFLAGS\(.*\)=\(.*\)-O2\(.*\)/CFLAGS\1=\2\3/' \ - -i {} \; - fi - - # Patch the unmergeable newlib, fix most of the leftover gcc QA issues - cp "${FILESDIR}"/newlib-implicits.patch stubdom || die - - # Patch stubdom/Makefile to patch insource newlib & prevent internal downloading - epatch "${FILESDIR}"/${PN/-pvgrub/}-4.2.1-externals.patch - - # Drop .config and Fix gcc-4.6 - epatch "${FILESDIR}"/${PN/-pvgrub/}-4-fix_dotconfig-gcc.patch - - # fix jobserver in Makefile - epatch "${FILESDIR}"/${PN}-4.2-jserver.patch - - # gcc warnings/QA fix - epatch "${FILESDIR}"/${P}-qa.patch - - #Substitute for internal downloading. pciutils copied only due to the only .bz2 - cp "${DISTDIR}"/pciutils-2.2.9.tar.bz2 ./stubdom/ || die "pciutils not copied to stubdom" - retar-externals || die "re-tar procedure failed" -} - -src_compile() { - use custom-cflags || unset CFLAGS - if test-flag-CC -fno-strict-overflow; then - append-flags -fno-strict-overflow - fi - - emake CC="$(tc-getCC)" LD="$(tc-getLD)" AR="$(tc-getAR)" -C tools/include - - if use x86; then - emake CC="$(tc-getCC)" LD="$(tc-getLD)" AR="$(tc-getAR)" \ - XEN_TARGET_ARCH="x86_32" -C stubdom pv-grub - elif use amd64; then - emake CC="$(tc-getCC)" LD="$(tc-getLD)" AR="$(tc-getAR)" \ - XEN_TARGET_ARCH="x86_64" -C stubdom pv-grub - if use multilib; then - multilib_toolchain_setup x86 - emake CC="$(tc-getCC)" AR="$(tc-getAR)" \ - XEN_TARGET_ARCH="x86_32" -C stubdom pv-grub - fi - fi -} - -src_install() { - if use x86; then - emake XEN_TARGET_ARCH="x86_32" DESTDIR="${D}" -C stubdom install-grub - fi - if use amd64; then - emake XEN_TARGET_ARCH="x86_64" DESTDIR="${D}" -C stubdom install-grub - if use multilib; then - emake XEN_TARGET_ARCH="x86_32" DESTDIR="${D}" -C stubdom install-grub - fi - fi -} - -pkg_postinst() { - elog "Official Xen Guide and the offical wiki page:" - elog "http://www.gentoo.org/doc/en/xen-guide.xml" - elog "http://wiki.xen.org/wiki/Main_Page" -} diff --git a/app-emulation/xen-pvgrub/xen-pvgrub-4.3.1.ebuild b/app-emulation/xen-pvgrub/xen-pvgrub-4.3.1.ebuild deleted file mode 100644 index 0166a0b339b9..000000000000 --- a/app-emulation/xen-pvgrub/xen-pvgrub-4.3.1.ebuild +++ /dev/null @@ -1,138 +0,0 @@ -# Copyright 1999-2014 Gentoo Foundation -# Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvsroot/gentoo-x86/app-emulation/xen-pvgrub/xen-pvgrub-4.3.1.ebuild,v 1.4 2014/01/01 11:47:20 tomwij Exp $ - -EAPI=4 -PYTHON_DEPEND="2:2.7" - -inherit flag-o-matic eutils multilib python toolchain-funcs - -XEN_EXTFILES_URL="http://xenbits.xensource.com/xen-extfiles" -LIBPCI_URL=ftp://atrey.karlin.mff.cuni.cz/pub/linux/pci -GRUB_URL=mirror://gnu-alpha/grub -SRC_URI=" - http://bits.xensource.com/oss-xen/release/${PV}/xen-${PV}.tar.gz - $GRUB_URL/grub-0.97.tar.gz - $XEN_EXTFILES_URL/zlib-1.2.3.tar.gz - $LIBPCI_URL/pciutils-2.2.9.tar.bz2 - $XEN_EXTFILES_URL/lwip-1.3.0.tar.gz - $XEN_EXTFILES_URL/newlib/newlib-1.16.0.tar.gz - $XEN_EXTFILES_URL/polarssl-1.1.4-gpl.tgz" - -S="${WORKDIR}/xen-${PV}" - -DESCRIPTION="allows to boot Xen domU kernels from a menu.lst laying inside guest filesystem" -HOMEPAGE="http://xen.org/" -LICENSE="GPL-2" -SLOT="0" -KEYWORDS="amd64 x86" -IUSE="custom-cflags" - -DEPEND="sys-devel/gettext - sys-apps/texinfo" - -RDEPEND=">=app-emulation/xen-4.2.1" - -pkg_setup() { - python_set_active_version 2 - python_pkg_setup -} - -retar-externals() { - # Purely to unclutter src_prepare - local set="grub-0.97.tar.gz lwip-1.3.0.tar.gz newlib-1.16.0.tar.gz polarssl-1.1.4-gpl.tgz zlib-1.2.3.tar.gz" - - # epatch can't patch in $WORKDIR, requires a sed; Bug #455194. Patchable, but sed informative - sed -e s':AR=${AR-"ar rc"}:AR=${AR-"ar"}:' \ - -i "${WORKDIR}"/zlib-1.2.3/configure - sed -e 's:^AR=ar rc:AR=ar:' \ - -e s':$(AR) $@:$(AR) rc $@:' \ - -i "${WORKDIR}"/zlib-1.2.3/{Makefile,Makefile.in} - einfo "zlib Makefile edited" - - cd "${WORKDIR}" - tar czp zlib-1.2.3 -f zlib-1.2.3.tar.gz - tar czp grub-0.97 -f grub-0.97.tar.gz - tar czp lwip -f lwip-1.3.0.tar.gz - tar czp newlib-1.16.0 -f newlib-1.16.0.tar.gz - tar czp polarssl-1.1.4 -f polarssl-1.1.4-gpl.tgz - mv $set "${S}"/stubdom/ - einfo "tarballs moved to source" -} - -src_prepare() { - # if the user *really* wants to use their own custom-cflags, let them - if use custom-cflags; then - einfo "User wants their own CFLAGS - removing defaults" - # try and remove all the default custom-cflags - find "${S}" -name Makefile -o -name Rules.mk -o -name Config.mk -exec sed \ - -e 's/CFLAGS\(.*\)=\(.*\)-O3\(.*\)/CFLAGS\1=\2\3/' \ - -e 's/CFLAGS\(.*\)=\(.*\)-march=i686\(.*\)/CFLAGS\1=\2\3/' \ - -e 's/CFLAGS\(.*\)=\(.*\)-fomit-frame-pointer\(.*\)/CFLAGS\1=\2\3/' \ - -e 's/CFLAGS\(.*\)=\(.*\)-g3*\s\(.*\)/CFLAGS\1=\2 \3/' \ - -e 's/CFLAGS\(.*\)=\(.*\)-O2\(.*\)/CFLAGS\1=\2\3/' \ - -i {} \; - fi - - # Patch the unmergeable newlib, fix most of the leftover gcc QA issues - cp "${FILESDIR}"/newlib-implicits.patch stubdom || die - - # Patch stubdom/Makefile to patch insource newlib & prevent internal downloading - epatch "${FILESDIR}"/${PN/-pvgrub/}-4.3-externals.patch - - # Drop .config and Fix gcc-4.6 - epatch "${FILESDIR}"/${PN/-pvgrub/}-4.3-fix_dotconfig-gcc.patch - - # fix jobserver in Makefile - epatch "${FILESDIR}"/${PN}-4.2-jserver.patch - - # gcc warnings/QA fix - epatch "${FILESDIR}"/${P}-qa.patch - - # Sec patch - epatch "${FILESDIR}"/${PN/-pvgrub/}-4-CVE-2012-6075-XSA-41.patch - - #Substitute for internal downloading. pciutils copied only due to the only .bz2 - cp "${DISTDIR}"/pciutils-2.2.9.tar.bz2 ./stubdom/ || die "pciutils not copied to stubdom" - retar-externals || die "re-tar procedure failed" -} - -src_compile() { - use custom-cflags || unset CFLAGS - if test-flag-CC -fno-strict-overflow; then - append-flags -fno-strict-overflow - fi - - emake CC="$(tc-getCC)" LD="$(tc-getLD)" AR="$(tc-getAR)" -C tools/include - - if use x86; then - emake CC="$(tc-getCC)" LD="$(tc-getLD)" AR="$(tc-getAR)" \ - XEN_TARGET_ARCH="x86_32" -C stubdom pv-grub - elif use amd64; then - emake CC="$(tc-getCC)" LD="$(tc-getLD)" AR="$(tc-getAR)" \ - XEN_TARGET_ARCH="x86_64" -C stubdom pv-grub - if use multilib; then - multilib_toolchain_setup x86 - emake CC="$(tc-getCC)" AR="$(tc-getAR)" \ - XEN_TARGET_ARCH="x86_32" -C stubdom pv-grub - fi - fi -} - -src_install() { - if use x86; then - emake XEN_TARGET_ARCH="x86_32" DESTDIR="${D}" -C stubdom install-grub - fi - if use amd64; then - emake XEN_TARGET_ARCH="x86_64" DESTDIR="${D}" -C stubdom install-grub - if use multilib; then - emake XEN_TARGET_ARCH="x86_32" DESTDIR="${D}" -C stubdom install-grub - fi - fi -} - -pkg_postinst() { - elog "Official Xen Guide and the offical wiki page:" - elog "https://wiki.gentoo.org/wiki/Xen" - elog "http://wiki.xen.org/wiki/Main_Page" -} |