From: Roger Pau Monne
CC: Roger Pau Monne
Subject: [alpine-devel] [PATCH] xen: XSA-41 remaining patches
Date: Fri, 18 Jan 2013 18:07:00 +0100
Message-ID: <1358528820-9642-1-git-send-email-roger.pau@citrix.com>

Some patches were not included in the original XSA, these are the remaining ones (so far). To be applied to edge and 2.5

--- main/xen/APKBUILD | 6 +++- main/xen/xsa41b.patch | 67 +++++++++++++++++++++++++++++++++++++++++++++++++ main/xen/xsa41c.patch | 39 ++++++++++++++++++++++++++++ 3 files changed, 111 insertions(+), 1 deletions(-) create mode 100644 main/xen/xsa41b.patch create mode 100644 main/xen/xsa41c.patch diff --git a/main/xen/APKBUILD b/main/xen/APKBUILD index 1aa0d1e..3c3a8a7 100644 --- a/main/xen/APKBUILD +++ b/main/xen/APKBUILD @@ -3,7 +3,7 @@ # Maintainer: William Pitcock pkgname=xen pkgver=4.2.1 -pkgrel=3 +pkgrel=4 pkgdesc="Xen hypervisor" url="http://www.xen.org/" arch="x86 x86_64" 
@@ -20,6 +20,8 @@ source="http://bits.xensource.com/oss-xen/release/$pkgver/$pkgname-$pkgver.tar.g qemu-xen_paths.patch xsa33-4.2-unstable.patch xsa41.patch + xsa41b.patch + xsa41c.patch xenstored.initd xenstored.confd @@ -137,6 +139,8 @@ md5sums="0d48cbe1767b82aba12517898d4e0408 xen-4.2.1.tar.gz 1ccde6b36a6f9542a16d998204dc9a22 qemu-xen_paths.patch 8aa341b27fac3f93a99113c72671c864 xsa33-4.2-unstable.patch 8ad8942000b8a4be4917599cad9209cf xsa41.patch +ed7d0399c6ca6aeee479da5d8f807fe0 xsa41b.patch +2f3dd7bdc59d104370066d6582725575 xsa41c.patch 95d8af17bf844d41a015ff32aae51ba1 xenstored.initd b017ccdd5e1c27bbf1513e3569d4ff07 xenstored.confd ed262f15fb880badb53575539468646c xenconsoled.initd diff --git a/main/xen/xsa41b.patch b/main/xen/xsa41b.patch new file mode 100644 index 0000000..b599c2a --- /dev/null +++ b/main/xen/xsa41b.patch 
@@ -0,0 +1,67 @@ +From 70454385eeee6f0b3f7a9eddca9f7340b5060824 Mon Sep 17 00:00:00 2001 +From: Michael Contreras +Date: Thu, 17 Jan 2013 11:49:37 +0000 +Subject: [PATCH] e1000: Discard oversized packets based on SBP|LPE + +Discard packets longer than 16384 when !SBP to match the hardware behavior. + +upstream-commit-id: 2c0331f4f7d241995452b99afaf0aab00493334a +security-tags: XSA-41, CVE-2012-6075 +This is the second of two security fixes for XSA-41. + +Signed-off-by: Michael Contreras +Signed-off-by: Stefan Hajnoczi +--- +diff --git a/tools/qemu-xen/hw/e1000.c b/tools/qemu-xen/hw/e1000.c +index 37d207e..a5e67a8 100644 +--- a/tools/qemu-xen/hw/e1000.c ++++ b/tools/qemu-xen/hw/e1000.c +@@ -61,6 +61,8 @@ static int debugflags = DBGBIT(TXERR) | DBGBIT(GENERAL); + + /* this is the size past which hardware will drop packets when setting LPE=0 */ + #define MAXIMUM_ETHERNET_VLAN_SIZE 1522 ++/* this is the size past which hardware will drop packets when setting LPE=1 */ ++#define MAXIMUM_ETHERNET_LPE_SIZE 16384 + + /* + * HW models: +@@ -697,8 +699,9 @@ e1000_receive(VLANClientState *nc, const uint8_t *buf, size_t size) + } + + /* Discard oversized packets if !LPE and !SBP. 
*/ +- if (size > MAXIMUM_ETHERNET_VLAN_SIZE +- && !(s->mac_reg[RCTL] & E1000_RCTL_LPE) ++ if ((size > MAXIMUM_ETHERNET_LPE_SIZE || ++ (size > MAXIMUM_ETHERNET_VLAN_SIZE ++ && !(s->mac_reg[RCTL] & E1000_RCTL_LPE))) + && !(s->mac_reg[RCTL] & E1000_RCTL_SBP)) { + return size; + } +diff --git a/tools/qemu-xen-traditional/hw/e1000.c b/tools/qemu-xen-traditional/hw/e1000.c +index 37d207e..a5e67a8 100644 +--- a/tools/qemu-xen-traditional/hw/e1000.c ++++ b/tools/qemu-xen-traditional/hw/e1000.c +@@ -61,6 +61,8 @@ static int debugflags = DBGBIT(TXERR) | DBGBIT(GENERAL); + + /* this is the size past which hardware will drop packets when setting LPE=0 */ + #define MAXIMUM_ETHERNET_VLAN_SIZE 1522 ++/* this is the size past which hardware will drop packets when setting LPE=1 */ ++#define MAXIMUM_ETHERNET_LPE_SIZE 16384 + + /* + * HW models: +@@ -697,8 +699,9 @@ e1000_receive(VLANClientState *nc, const uint8_t *buf, size_t size) + } + + /* Discard oversized packets if !LPE and !SBP. */ +- if (size > MAXIMUM_ETHERNET_VLAN_SIZE +- && !(s->mac_reg[RCTL] & E1000_RCTL_LPE) ++ if ((size > MAXIMUM_ETHERNET_LPE_SIZE || ++ (size > MAXIMUM_ETHERNET_VLAN_SIZE ++ && !(s->mac_reg[RCTL] & E1000_RCTL_LPE))) + && !(s->mac_reg[RCTL] & E1000_RCTL_SBP)) { + return size; + } +-- +1.7.2.5 + diff --git a/main/xen/xsa41c.patch b/main/xen/xsa41c.patch new file mode 100644 index 0000000..d346937 --- /dev/null +++ b/main/xen/xsa41c.patch 
@@ -0,0 +1,39 @@ +From 2a1354d655d816feaad7dbdb8364f40a208439c1 Mon Sep 17 00:00:00 2001 +From: Ian Jackson +Date: Thu, 17 Jan 2013 15:52:16 +0000 +Subject: [PATCH] e1000: fix compile warning introduced by security fix, and debugging + +e33f918c19e393900b95a2bb6b10668dfe96a8f2, the fix for XSA-41, +and its cherry picks in 4.2 and 4.1 introduced this compiler warning: + hw/e1000.c:641: warning: 'return' with a value, in function returning void + +In upstream qemu (where this change came from), e1000_receive returns +a value used by queueing machinery to decide whether to try +resubmitting the packet later. Returning "size" means that the packet +has been dealt with and should not be retried. + +In this old branch (aka qemu-xen-traditional), this machinery is +absent and e1000_receive returns void. Fix the return statement. + +Also add a debugging statement along the lines of the others in this +function. + +Signed-off-by: Ian Jackson +--- +diff --git a/tools/qemu-xen-traditional/hw/e1000.c b/tools/qemu-xen-traditional/hw/e1000.c +index 67d2651..c75bc5e 100644 +--- a/tools/qemu-xen-traditional/hw/e1000.c ++++ b/tools/qemu-xen-traditional/hw/e1000.c +@@ -638,7 +638,8 @@ e1000_receive(void *opaque, const uint8_t *buf, int size) + (size > MAXIMUM_ETHERNET_VLAN_SIZE + && !(s->mac_reg[RCTL] & E1000_RCTL_LPE))) + && !(s->mac_reg[RCTL] & E1000_RCTL_SBP)) { +- return size; ++ DBGOUT(RX, "packet too large for applicable LPE/VLAN size\n"); ++ return; + } + + if (!receive_filter(s, buf, size)) +-- +1.7.2.5 + -- 1.7.7.5 (Apple Git-26)
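
Review bot: In the main/xen/APKBUILD md5sums hunk, the two new security patches (xsa41b.patch, xsa41c.patch) are pinned by MD5 only. MD5 is not collision resistant, so these entries catch a corrupted download but give little assurance against a deliberately substituted file. If the abuild in use accepts a stronger digest array (sha256sums or sha512sums), add the new files there as well, and record where each patch was fetched from so the digests can be re-derived independently.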
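
Review bot: In xsa41b.patch, the tools/qemu-xen-traditional/hw/e1000.c section does not look like it was generated against that tree. It carries the same "index 37d207e..a5e67a8" line and the same "@@ -697,8 +699,9 @@ e1000_receive(VLANClientState *nc, const uint8_t *buf, size_t size)" header as the qemu-xen section, while xsa41c.patch shows the traditional file's function as "e1000_receive(void *opaque, const uint8_t *buf, int size)" at line 638 with pre-image blob 67d2651. The hunk can therefore only apply by offset. Check the prepare log to confirm it applies to both files without fuzz or rejects, or regenerate it against the traditional source. Separately, the unchanged comment "Discard oversized packets if !LPE and !SBP." no longer describes the condition, which now also drops anything above MAXIMUM_ETHERNET_LPE_SIZE when LPE is set. It should be updated, and since neither limit is enforced here when RCTL has SBP set, it is worth confirming that the rest of the receive path bounds the length itself.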
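
Review bot: xsa41c.patch has an undocumented ordering dependency on xsa41b.patch. Its context lines, "(size > MAXIMUM_ETHERNET_VLAN_SIZE" closed by ")))", match only the condition as rewritten by xsa41b, and with xsa41b applied alone the traditional tree is left with "return size;" in a function that returns void. The source= list has them in the right order, but a short comment in APKBUILD saying that xsa41c must follow xsa41b would keep a later reshuffle from breaking the build. Unlike xsa41b, this patch header also has no upstream-commit-id or security-tags line. Adding the XSA-41 tag would make it easier to see that all three files belong to the same advisory when one of them is later dropped on a version bump.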