[xen] update to xen-4.2.2 (includes security fixes), allow xendomains to work better with xl
myoung
myoung at fedoraproject.org
Thu Apr 25 16:35:31 UTC 2013
commit 7b49c0b4856e1611d91e1644759e6d14fe906c0e
Author: Michael Young <m.a.young at durham.ac.uk>
Date: Thu Apr 25 17:33:05 2013 +0100
update to xen-4.2.2 (includes security fixes), allow xendomains to work
better with xl
.gitignore | 2 +-
gcc48.build.patch | 76 ----
libexec.xendomains | 2 +-
sources | 2 +-
...-9c23a1d0eb7a6b5e3273d527cfd7960838fbfee6.patch | 61 ++++
xen.spec | 35 +-
xl.list.-l.format.patch | 20 +
xsa33-4.2-unstable.patch | 21 --
xsa34-4.2.patch | 30 --
xsa35-4.2-with-xsa34.patch | 24 --
xsa36-4.2.patch | 378 --------------------
xsa37-4.2.patch | 23 --
xsa38.patch | 73 ----
xsa41.patch | 137 -------
xsa47-4.2-unstable.patch | 31 --
15 files changed, 101 insertions(+), 814 deletions(-)
---
diff --git a/.gitignore b/.gitignore
index 5ba7366..d1eea6e 100644
--- a/.gitignore
+++ b/.gitignore
@@ -5,4 +5,4 @@ newlib-1.16.0.tar.gz
lwip-1.3.0.tar.gz
pciutils-2.2.9.tar.bz2
zlib-1.2.3.tar.gz
-/xen-4.2.1.tar.gz
+/xen-4.2.2.tar.gz
diff --git a/libexec.xendomains b/libexec.xendomains
index 4c6fffc..9e69d21 100755
--- a/libexec.xendomains
+++ b/libexec.xendomains
@@ -243,7 +243,7 @@ start()
for dom in $XENDOMAINS_SAVE/*; do
if [ -f $dom ] ; then
HEADER=`head -c 16 $dom | head -n 1 2> /dev/null`
- if [ $HEADER = "LinuxGuestRecord" ]; then
+ if [ "$HEADER" = "LinuxGuestRecord" -o "$HEADER" = "Xen saved domain" ]; then
echo -n " ${dom##*/}"
XMR=`$CMD restore $dom 2>&1 1>/dev/null`
#$CMD restore $dom
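Review bot: The rewritten test quotes `$HEADER`, but `$dom` is still expanded unquoted in `head -c 16 $dom` and `$CMD restore $dom` on the surrounding lines, so a save file whose name contains whitespace or glob characters is word-split before it reaches the restore command. Quoting it in both places (`head -c 16 "$dom"`, `$CMD restore "$dom"`) fixes that. Writing the test as `[ "$HEADER" = "LinuxGuestRecord" ] || [ "$HEADER" = "Xen saved domain" ]` also avoids `-o`, which POSIX marks obsolescent and which can misparse when an operand looks like an operator. The 16-byte header is only a format sniff, so a comment should say that the permissions on `$XENDOMAINS_SAVE`, not this test, decide which images get restored. start() begins and ends outside the hunk.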
diff --git a/sources b/sources
index dafd12c..64e1cc9 100644
--- a/sources
+++ b/sources
@@ -3,4 +3,4 @@ bf8f1f9e3ca83d732c00a79a6ef29bc4 newlib-1.16.0.tar.gz
36cc57650cffda9a0269493be2a169bb lwip-1.3.0.tar.gz
cec05e7785497c5e19da2f114b934ffd pciutils-2.2.9.tar.bz2
debc62758716a169df9f62e6ab2bc634 zlib-1.2.3.tar.gz
-0d48cbe1767b82aba12517898d4e0408 xen-4.2.1.tar.gz
+f7362b19401a47826f2d8fd603a1782a xen-4.2.2.tar.gz
diff --git a/xen.git-9c23a1d0eb7a6b5e3273d527cfd7960838fbfee6.patch b/xen.git-9c23a1d0eb7a6b5e3273d527cfd7960838fbfee6.patch
new file mode 100644
index 0000000..36d942a
--- /dev/null
+++ b/xen.git-9c23a1d0eb7a6b5e3273d527cfd7960838fbfee6.patch
@@ -0,0 +1,61 @@
+From 9c23a1d0eb7a6b5e3273d527cfd7960838fbfee6 Mon Sep 17 00:00:00 2001
+From: Bamvor Jian Zhang <bjzhang at suse.com>
+Date: Fri, 11 Jan 2013 12:22:28 +0000
+Subject: [PATCH 1/1] fix wrong path while calling pygrub and libxl-save-helper
+
+in current xen x86_64, the default libexec directory is /usr/lib/xen/bin,
+while the private binder is /usr/lib64/xen/bin. but some commands(pygrub,
+libxl-save-helper) located in private binder directory is called from
+libexec directory which lead to the following error:
+1, for pygrub bootloader:
+
+libxl: debug: libxl_bootloader.c:429:bootloader_disk_attached_cb: /usr/lib/xen/bin/pygrub doesn't exist, falling back to config path
+
+2, for libxl-save-helper:
+
+libxl: cannot execute /usr/lib/xen/bin/libxl-save-helper: No such file or directory
+libxl: error: libxl_utils.c:363:libxl_read_exactly: file/stream truncated reading ipc msg header from domain 3 save/restore helper stdout pipe
+libxl: error: libxl_exec.c:118:libxl_report_child_exitstatus: domain 3 save/restore helper [10222] exited with error status 255
+
+there are two ways to fix above error. the first one is make such command
+store in the /usr/lib/xen/bin and /usr/lib64/xen/bin(symbol link to
+previous), e.g. qemu-dm. The second way is using private binder dir
+instead of libexec dir. e.g. xenconsole.
+For these cases, the latter one is suitable.
+
+Signed-off-by: Bamvor Jian Zhang <bjzhang at suse.com>
+Committed-by: Ian Campbell <ian.campbell at citrix.com>
+---
+ tools/libxl/libxl_bootloader.c | 2 +-
+ tools/libxl/libxl_save_callout.c | 2 +-
+ 2 files changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/tools/libxl/libxl_bootloader.c b/tools/libxl/libxl_bootloader.c
+index e103ee9..ed12b2c 100644
+--- a/tools/libxl/libxl_bootloader.c
++++ b/tools/libxl/libxl_bootloader.c
+@@ -419,7 +419,7 @@ static void bootloader_disk_attached_cb(libxl__egc *egc,
+ const char *bltmp;
+ struct stat st;
+
+- bltmp = libxl__abs_path(gc, bootloader, libxl__libexec_path());
++ bltmp = libxl__abs_path(gc, bootloader, libxl__private_bindir_path());
+ /* Check to see if the file exists in this location; if not,
+ * fall back to checking the path */
+ LOG(DEBUG, "Checking for bootloader in libexec path: %s", bltmp);
+diff --git a/tools/libxl/libxl_save_callout.c b/tools/libxl/libxl_save_callout.c
+index 078b7ee..f164e98 100644
+--- a/tools/libxl/libxl_save_callout.c
++++ b/tools/libxl/libxl_save_callout.c
+@@ -172,7 +172,7 @@ static void run_helper(libxl__egc *egc, libxl__save_helper_state *shs,
+ shs->stdout_what = GCSPRINTF("domain %"PRIu32" save/restore helper"
+ " stdout pipe", domid);
+
+- *arg++ = getenv("LIBXL_SAVE_HELPER") ?: LIBEXEC "/" "libxl-save-helper";
++ *arg++ = getenv("LIBXL_SAVE_HELPER") ?: PRIVATE_BINDIR "/" "libxl-save-helper";
+ *arg++ = mode_arg;
+ const char **stream_fd_arg = arg++;
+ for (i=0; i<num_argnums; i++)
+--
+1.7.2.5
+
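Review bot: The debug message kept as context in the libxl_bootloader.c hunk still reads `Checking for bootloader in libexec path` although `bltmp` is now built from `libxl__private_bindir_path()`, so the log names the wrong directory when someone diagnoses a missing pygrub. Changing it to `LOG(DEBUG, "Checking for bootloader in private bindir: %s", bltmp);` keeps the log in line with the lookup. In the libxl_save_callout.c hunk the helper path is still taken from `LIBXL_SAVE_HELPER` whenever it is set, so a short comment there should note that the environment of any privileged caller has to be trusted, because it selects the binary that gets executed. Both functions continue outside their hunks.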
diff --git a/xen.spec b/xen.spec
index c993725..6f3e8f0 100644
--- a/xen.spec
+++ b/xen.spec
@@ -26,8 +26,8 @@
Summary: Xen is a virtual machine monitor
Name: xen
-Version: 4.2.1
-Release: 10%{?dist}
+Version: 4.2.2
+Release: 1%{?dist}
Group: Development/Libraries
License: GPLv2+ and LGPLv2+ and BSD
URL: http://xen.org/
@@ -75,16 +75,9 @@ Patch48: qemu-xen.tradonly.patch
Patch49: xen.fedora.efi.build.patch
Patch55: qemu-xen.trad.buildfix.patch
Patch56: xen.fedora19.buildfix.patch
-Patch57: xsa33-4.2-unstable.patch
-Patch58: xsa34-4.2.patch
-Patch59: xsa35-4.2-with-xsa34.patch
-Patch60: xsa36-4.2.patch
-Patch61: xsa37-4.2.patch
Patch62: man.formatting.patch
-Patch63: xsa41.patch
-Patch64: xsa38.patch
-Patch65: gcc48.build.patch
-Patch66: xsa47-4.2-unstable.patch
+Patch63: xl.list.-l.format.patch
+Patch64: xen.git-9c23a1d0eb7a6b5e3273d527cfd7960838fbfee6.patch
Patch100: xen-configure-xend.patch
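Review bot: The removal of the xsa33, xsa34, xsa35, xsa36, xsa37, xsa38, xsa41 and xsa47 patches here and in the matching `%patch` hunk in `%prep` is not traceable from the package history, because the changelog only says `remove patches that are included in 4.2.2` without naming them. A changelog line such as `- drop XSA-33/34/35/36/37/38/41/47 patches (fixes verified present in 4.2.2)` would let an auditor confirm that no advisory fix was lost in the rebase. Patch63 and Patch64 are also reused for unrelated files, so the unchanged `%patch63`/`%patch64` lines in `%prep` now apply different patches than before. Fresh numbers, for example `Patch67:` and `Patch68:`, would keep old and new references unambiguous.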
@@ -250,16 +243,9 @@ manage Xen virtual machines.
%patch49 -p1
%patch55 -p1
%patch56 -p1
-%patch57 -p1
-%patch58 -p1
-%patch59 -p1
-%patch60 -p1
-%patch61 -p1
%patch62 -p1
%patch63 -p1
%patch64 -p1
-%patch65 -p1
-%patch66 -p1
%patch100 -p1
@@ -749,6 +735,19 @@ rm -rf %{buildroot}
%endif
%changelog
+* Thu Apr 25 2013 Michael Young <m.a.young at durham.ac.uk> - 4.2.2-1
+- update to xen-4.2.2
+ includes fixes for
+ [XSA-48, CVE-2013-1922] (Fedora doesn't use the affected code)
+ passed through IRQs or PCI devices might allow denial of service attack
+ [XSA-46, CVE-2013-1919] (#953568)
+ SYSENTER in 32-bit PV guests on 64-bit xen can crash hypervisor
+ [XSA-44, CVE-2013-1917] (#953569)
+- remove patches that are included in 4.2.2
+- look for libxl-save-helper in the right place
+- fix xl list -l output when built with yajl2
+- allow xendomains to work with xl saved images
+
* Thu Apr 04 2013 Michael Young <m.a.young at durham.ac.uk> - 4.2.1-10
- make xendomains systemd script executable and update it from
init.d version (#919705)
diff --git a/xl.list.-l.format.patch b/xl.list.-l.format.patch
new file mode 100644
index 0000000..aa13218
--- /dev/null
+++ b/xl.list.-l.format.patch
@@ -0,0 +1,20 @@
+xl list -l should produce readable output when built with yajl2 so
+it is compatible with the xendomains script.
+
+Signed-off-by: Michael Young <m.a.young at durham.ac.uk>
+
+--- xen-4.2.2/tools/libxl/libxl_json.h.orig 2013-03-21 17:55:42.000000000 +0000
++++ xen-4.2.2/tools/libxl/libxl_json.h 2013-04-10 22:14:15.938459238 +0100
+@@ -54,7 +54,11 @@
+
+ static inline yajl_gen libxl_yajl_gen_alloc(const yajl_alloc_funcs *allocFuncs)
+ {
+- return yajl_gen_alloc(allocFuncs);
++ yajl_gen g;
++ g = yajl_gen_alloc(allocFuncs);
++ if (g)
++ yajl_gen_config(g, yajl_gen_beautify, 1);
++ return g;
+ }
+
+ #else /* !HAVE_YAJL_V2 */
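Review bot: `libxl_yajl_gen_alloc()` is a shared inline helper, so enabling `yajl_gen_beautify` inside it changes the output of every libxl caller that allocates a generator through it under `HAVE_YAJL_V2`, while the patch description mentions only `xl list -l`. If only the listing has to be readable, setting the option at that call site would be narrower. Otherwise a comment such as `/* beautify for all users: xendomains parses xl list -l output as text */` should state that the wider effect is intended. The return value of `yajl_gen_config()` is ignored, so a failure to apply the option would pass silently and the script would again see unformatted output.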