=> Bootstrap dependency digest>=20010302: found digest-20211005 => Checksum RMD160 OK for xen411/ipxe-git-356f6c1b64d7a97746d1816cef8ca22bdd8d0b5d.tar.gz => Checksum SHA512 OK for xen411/ipxe-git-356f6c1b64d7a97746d1816cef8ca22bdd8d0b5d.tar.gz => Checksum RMD160 OK for xen411/xen-4.11.4.tar.gz => Checksum SHA512 OK for xen411/xen-4.11.4.tar.gz ===> Installing dependencies for xentools411-4.11.4nb5 ========================================================================== The following variables will affect the build process of this package, xentools411-4.11.4nb5. Their current value is shown below: * CURSES_DEFAULT = curses * PYTHON_VERSION_DEFAULT = 39 * VARBASE = /var Based on these variables, the following variables have been set: * CURSES_TYPE = curses * PYPACKAGE = python27 * TERMCAP_TYPE = termcap You may want to abort the process now with CTRL-C and change the value of variables in the first group before continuing. Be sure to run `/usr/bin/make clean' after the changes. ========================================================================== => Tool dependency glib2-tools-[0-9]*: found glib2-tools-2.70.0 => Tool dependency bash-[0-9]*: found bash-5.1.8nb3 => Tool dependency cmake>=2.8.1nb1: found cmake-3.21.3nb2 => Tool dependency gmake>=3.81: found gmake-4.3nb2 => Tool dependency perl>=5.0: found perl-5.34.0nb3 => Tool dependency pkgconf-[0-9]*: found pkgconf-1.8.0 => Tool dependency checkperms>=1.1: found checkperms-1.12 => Build dependency dev86-[0-9]*: found dev86-0.16.21 => Build dependency x11-links>=1.34: found x11-links-1.34 => Build dependency pciutils>=3.0.2: found pciutils-3.7.0nb1 => Build dependency cwrappers>=20150314: found cwrappers-20180325 => Full dependency py27-curses>=0: found py27-curses-2.7.18nb5 => Full dependency python27>=2.7.1nb2: found python27-2.7.18nb4 => Full dependency ocaml>=4.11.2: found ocaml-4.11.2 => Full dependency ocaml-findlib>=1.9.1: found ocaml-findlib-1.9.1 => Full dependency glib2>=2.64.0nb1: found glib2-2.70.0 => Full dependency yajl>=1.0.9: found yajl-2.1.0 => Full dependency argp>=1.3: found argp-1.3nb1 => Full dependency libgcrypt>=1.6.0: found libgcrypt-1.9.4 ===> Skipping vulnerability checks. WARNING: No /usr/pkg/pkgdb/pkg-vulnerabilities file found. WARNING: To fix run: `/usr/sbin/pkg_admin -K /usr/pkg/pkgdb fetch-pkg-vulnerabilities'. ===> Overriding tools for xentools411-4.11.4nb5 ===> Extracting for xentools411-4.11.4nb5 ===> Patching for xentools411-4.11.4nb5 => Applying pkgsrc patches for xentools411-4.11.4nb5 => Verifying /amd/pkgsrc/CHROOT/P/pkgsrc/sysutils/xentools411/patches/patch-.._ipxe_src_core_settings.c => Applying pkgsrc patch /amd/pkgsrc/CHROOT/P/pkgsrc/sysutils/xentools411/patches/patch-.._ipxe_src_core_settings.c Hmm... Looks like a unified diff to me... The text leading up to this was: -------------------------- |$NetBSD: patch-.._ipxe_src_core_settings.c,v 1.1 2018/07/24 13:40:11 bouyer Exp $ | |--- ../ipxe/src/core/settings.c.orig 2016-08-31 18:23:42.000000000 +0200 |+++ ../ipxe/src/core/settings.c 2017-03-24 19:44:07.000000000 +0100 -------------------------- Patching file ../ipxe/src/core/settings.c using Plan A... Hunk #1 succeeded at 305 (offset 1 line). Hunk #2 succeeded at 321 (offset 1 line). done => Verifying /amd/pkgsrc/CHROOT/P/pkgsrc/sysutils/xentools411/patches/patch-.._ipxe_src_net_fcels.c => Applying pkgsrc patch /amd/pkgsrc/CHROOT/P/pkgsrc/sysutils/xentools411/patches/patch-.._ipxe_src_net_fcels.c Hmm... Looks like a unified diff to me... The text leading up to this was: -------------------------- |$NetBSD: patch-.._ipxe_src_net_fcels.c,v 1.2 2019/04/14 17:37:33 bouyer Exp $ | |--- ../ipxe/src/net/fcels.c.orig 2015-01-25 20:27:57.000000000 +0000 |+++ ../ipxe/src/net/fcels.c -------------------------- Patching file ../ipxe/src/net/fcels.c using Plan A... Hunk #1 succeeded at 951 (offset 5 lines). Hunk #2 succeeded at 968 (offset 5 lines). Hunk #3 succeeded at 1011 (offset 5 lines). Hunk #4 succeeded at 1027 (offset 5 lines). Hunk #5 succeeded at 1048 (offset 5 lines). Hunk #6 succeeded at 1098 (offset 5 lines). Hunk #7 succeeded at 1262 (offset 5 lines). done => Verifying /amd/pkgsrc/CHROOT/P/pkgsrc/sysutils/xentools411/patches/patch-Config.mk => Applying pkgsrc patch /amd/pkgsrc/CHROOT/P/pkgsrc/sysutils/xentools411/patches/patch-Config.mk Hmm... Looks like a unified diff to me... The text leading up to this was: -------------------------- |$NetBSD: patch-Config.mk,v 1.1 2018/07/24 13:40:11 bouyer Exp $ | |--- Config.mk.orig 2018-04-17 19:21:31.000000000 +0200 |+++ Config.mk 2018-04-23 16:15:57.000000000 +0200 -------------------------- Patching file Config.mk using Plan A... Hunk #1 succeeded at 31. Hunk #2 succeeded at 219. done => Verifying /amd/pkgsrc/CHROOT/P/pkgsrc/sysutils/xentools411/patches/patch-Makefile => Applying pkgsrc patch /amd/pkgsrc/CHROOT/P/pkgsrc/sysutils/xentools411/patches/patch-Makefile Hmm... Looks like a unified diff to me... The text leading up to this was: -------------------------- |$NetBSD: patch-Makefile,v 1.1 2018/07/24 13:40:11 bouyer Exp $ | |--- Makefile.orig 2018-04-17 19:21:31.000000000 +0200 |+++ Makefile 2018-04-23 16:17:25.000000000 +0200 -------------------------- Patching file Makefile using Plan A... Hunk #1 succeeded at 61. Hunk #2 succeeded at 129. done => Verifying /amd/pkgsrc/CHROOT/P/pkgsrc/sysutils/xentools411/patches/patch-XSA115-c => Applying pkgsrc patch /amd/pkgsrc/CHROOT/P/pkgsrc/sysutils/xentools411/patches/patch-XSA115-c Hmm... Looks like a unified diff to me... The text leading up to this was: -------------------------- |$NetBSD: patch-XSA115-c,v 1.1 2020/12/17 16:48:12 bouyer Exp $ | |From e92f3dfeaae21a335e666c9247954424e34e5c56 Mon Sep 17 00:00:00 2001 |From: Juergen Gross |Date: Thu, 11 Jun 2020 16:12:37 +0200 |Subject: [PATCH 01/10] tools/xenstore: allow removing child of a node | exceeding quota | |An unprivileged user of Xenstore is not allowed to write nodes with a |size exceeding a global quota, while privileged users like dom0 are |allowed to write such nodes. The size of a node is the needed space |to store all node specific data, this includes the names of all |children of the node. | |When deleting a node its parent has to be modified by removing the |name of the to be deleted child from it. | |This results in the strange situation that an unprivileged owner of a |node might not succeed in deleting that node in case its parent is |exceeding the quota of that unprivileged user (it might have been |written by dom0), as the user is not allowed to write the updated |parent node. | |Fix that by not checking the quota when writing a node for the |purpose of removing a child's name only. | |The same applies to transaction handling: a node being read during a |transaction is written to the transaction specific area and it should |not be tested for exceeding the quota, as it might not be owned by |the reader and presumably the original write would have failed if the |node is owned by the reader. | |This is part of XSA-115. | |Signed-off-by: Juergen Gross |Reviewed-by: Julien Grall |Reviewed-by: Paul Durrant |--- | tools/xenstore/xenstored_core.c | 20 +++++++++++--------- | tools/xenstore/xenstored_core.h | 3 ++- | tools/xenstore/xenstored_transaction.c | 2 +- | 3 files changed, 14 insertions(+), 11 deletions(-) | |diff --git a/tools/xenstore/xenstored_core.c b/tools/xenstore/xenstored_core.c |index 97ceabf9642d..b43e1018babd 100644 |--- tools/xenstore/xenstored_core.c.orig |+++ tools/xenstore/xenstored_core.c -------------------------- Patching file tools/xenstore/xenstored_core.c using Plan A... Hunk #1 succeeded at 417. Hunk #2 succeeded at 428. Hunk #3 succeeded at 456. Hunk #4 succeeded at 1001. Hunk #5 succeeded at 1041. Hunk #6 succeeded at 1117. Hunk #7 succeeded at 1256. Hunk #8 succeeded at 1516. Hmm... The next patch looks like a unified diff to me... The text leading up to this was: -------------------------- |diff --git a/tools/xenstore/xenstored_core.h b/tools/xenstore/xenstored_core.h |index 56a279cfbb47..3cb1c235a101 100644 |--- tools/xenstore/xenstored_core.h.orig |+++ tools/xenstore/xenstored_core.h -------------------------- Patching file tools/xenstore/xenstored_core.h using Plan A... Hunk #1 succeeded at 151 (offset 2 lines). Hmm... The next patch looks like a unified diff to me... The text leading up to this was: -------------------------- |diff --git a/tools/xenstore/xenstored_transaction.c b/tools/xenstore/xenstored_transaction.c |index 2824f7b359b8..e87897573469 100644 |--- tools/xenstore/xenstored_transaction.c.orig |+++ tools/xenstore/xenstored_transaction.c -------------------------- Patching file tools/xenstore/xenstored_transaction.c using Plan A... Hunk #1 succeeded at 276. Hmm... The next patch looks like a unified diff to me... The text leading up to this was: -------------------------- |-- |2.17.1 | |From e8076f73de65c4816f69d6ebf75839c706145fcd Mon Sep 17 00:00:00 2001 |From: Juergen Gross |Date: Thu, 11 Jun 2020 16:12:38 +0200 |Subject: [PATCH 02/10] tools/xenstore: ignore transaction id for [un]watch | |Instead of ignoring the transaction id for XS_WATCH and XS_UNWATCH |commands as it is documented in docs/misc/xenstore.txt, it is tested |for validity today. | |Really ignore the transaction id for XS_WATCH and XS_UNWATCH. | |This is part of XSA-115. | |Signed-off-by: Juergen Gross |Reviewed-by: Julien Grall |Reviewed-by: Paul Durrant |--- | tools/xenstore/xenstored_core.c | 26 ++++++++++++++++---------- | 1 file changed, 16 insertions(+), 10 deletions(-) | |diff --git a/tools/xenstore/xenstored_core.c b/tools/xenstore/xenstored_core.c |index b43e1018babd..bb2f9fd4e76e 100644 |--- tools/xenstore/xenstored_core.c.orig |+++ tools/xenstore/xenstored_core.c -------------------------- Patching file tools/xenstore/xenstored_core.c using Plan A... Hunk #1 succeeded at 1268. Hunk #2 succeeded at 1300. Hunk #3 succeeded at 1315. Hunk #4 succeeded at 1331. Hmm... The next patch looks like a unified diff to me... The text leading up to this was: -------------------------- |-- |2.17.1 | |From b8c6dbb67ebb449126023446a7d209eedf966537 Mon Sep 17 00:00:00 2001 |From: Juergen Gross |Date: Thu, 11 Jun 2020 16:12:39 +0200 |Subject: [PATCH 03/10] tools/xenstore: fix node accounting after failed node | creation | |When a node creation fails the number of nodes of the domain should be |the same as before the failed node creation. In case of failure when |trying to create a node requiring to create one or more intermediate |nodes as well (e.g. when /a/b/c/d is to be created, but /a/b isn't |existing yet) it might happen that the number of nodes of the creating |domain is not reset to the value it had before. | |So move the quota accounting out of construct_node() and into the node |write loop in create_node() in order to be able to undo the accounting |in case of an error in the intermediate node destructor. | |This is part of XSA-115. | |Signed-off-by: Juergen Gross |Reviewed-by: Paul Durrant |Acked-by: Julien Grall |--- | tools/xenstore/xenstored_core.c | 37 ++++++++++++++++++++++----------- | 1 file changed, 25 insertions(+), 12 deletions(-) | |diff --git a/tools/xenstore/xenstored_core.c b/tools/xenstore/xenstored_core.c |index bb2f9fd4e76e..db9b9ca7957d 100644 |--- tools/xenstore/xenstored_core.c.orig |+++ tools/xenstore/xenstored_core.c -------------------------- Patching file tools/xenstore/xenstored_core.c using Plan A... Hunk #1 succeeded at 925. Hunk #2 succeeded at 957. Hunk #3 succeeded at 976. Hunk #4 succeeded at 995. Hmm... The next patch looks like a unified diff to me... The text leading up to this was: -------------------------- |-- |2.17.1 | |From 318aa75bd0c05423e717ad0b64adb204282025db Mon Sep 17 00:00:00 2001 |From: Juergen Gross |Date: Thu, 11 Jun 2020 16:12:40 +0200 |Subject: [PATCH 04/10] tools/xenstore: simplify and rename check_event_node() | |There is no path which allows to call check_event_node() without a |event name. So don't let the result depend on the name being NULL and |add an assert() covering that case. | |Rename the function to check_special_event() to better match the |semantics. | |This is part of XSA-115. | |Signed-off-by: Juergen Gross |Reviewed-by: Julien Grall |Reviewed-by: Paul Durrant |--- | tools/xenstore/xenstored_watch.c | 12 +++++------- | 1 file changed, 5 insertions(+), 7 deletions(-) | |diff --git a/tools/xenstore/xenstored_watch.c b/tools/xenstore/xenstored_watch.c |index 7dedca60dfd6..f2f1bed47cc6 100644 |--- tools/xenstore/xenstored_watch.c.orig |+++ tools/xenstore/xenstored_watch.c -------------------------- Patching file tools/xenstore/xenstored_watch.c using Plan A... Hunk #1 succeeded at 47. Hunk #2 succeeded at 85. Hmm... The next patch looks like a unified diff to me... The text leading up to this was: -------------------------- |-- |2.17.1 | |From c625fae44aedc246776b52eb1173cf847a3d4d80 Mon Sep 17 00:00:00 2001 |From: Juergen Gross |Date: Thu, 11 Jun 2020 16:12:41 +0200 |Subject: [PATCH 05/10] tools/xenstore: check privilege for | XS_IS_DOMAIN_INTRODUCED | |The Xenstore command XS_IS_DOMAIN_INTRODUCED should be possible for |privileged domains only (the only user in the tree is the xenpaging |daemon). | |Instead of having the privilege test for each command introduce a |per-command flag for that purpose. | |This is part of XSA-115. | |Signed-off-by: Juergen Gross |Reviewed-by: Julien Grall |Reviewed-by: Paul Durrant |--- | tools/xenstore/xenstored_core.c | 24 ++++++++++++++++++------ | tools/xenstore/xenstored_domain.c | 7 ++----- | 2 files changed, 20 insertions(+), 11 deletions(-) | |diff --git a/tools/xenstore/xenstored_core.c b/tools/xenstore/xenstored_core.c |index db9b9ca7957d..6afd58431111 100644 |--- tools/xenstore/xenstored_core.c.orig |+++ tools/xenstore/xenstored_core.c -------------------------- Patching file tools/xenstore/xenstored_core.c using Plan A... Hunk #1 succeeded at 1283. Hunk #2 succeeded at 1296. Hunk #3 succeeded at 1308. Hunk #4 succeeded at 1340. Hmm... The next patch looks like a unified diff to me... The text leading up to this was: -------------------------- |diff --git a/tools/xenstore/xenstored_domain.c b/tools/xenstore/xenstored_domain.c |index 1eae703ef680..0e2926e2a3d0 100644 |--- tools/xenstore/xenstored_domain.c.orig |+++ tools/xenstore/xenstored_domain.c -------------------------- Patching file tools/xenstore/xenstored_domain.c using Plan A... Hunk #1 succeeded at 382 (offset 5 lines). Hunk #2 succeeded at 450 (offset 5 lines). Hunk #3 succeeded at 485 (offset 5 lines). Hmm... The next patch looks like a unified diff to me... The text leading up to this was: -------------------------- |-- |2.17.1 | |From 461c880600175c06e23a63e62d9f1ccab755d708 Mon Sep 17 00:00:00 2001 |From: Juergen Gross |Date: Thu, 11 Jun 2020 16:12:42 +0200 |Subject: [PATCH 06/10] tools/xenstore: rework node removal | |Today a Xenstore node is being removed by deleting it from the parent |first and then deleting itself and all its children. This results in |stale entries remaining in the data base in case e.g. a memory |allocation is failing during processing. This would result in the |rather strange behavior to be able to read a node (as its still in the |data base) while not being visible in the tree view of Xenstore. | |Fix that by deleting the nodes from the leaf side instead of starting |at the root. | |As fire_watches() is now called from _rm() the ctx parameter needs a |const attribute. | |This is part of XSA-115. | |Signed-off-by: Juergen Gross |Reviewed-by: Julien Grall |Reviewed-by: Paul Durrant |--- | tools/xenstore/xenstored_core.c | 99 ++++++++++++++++---------------- | tools/xenstore/xenstored_watch.c | 4 +- | tools/xenstore/xenstored_watch.h | 2 +- | 3 files changed, 54 insertions(+), 51 deletions(-) | |diff --git a/tools/xenstore/xenstored_core.c b/tools/xenstore/xenstored_core.c |index 6afd58431111..1cb729a2cd5f 100644 |--- tools/xenstore/xenstored_core.c.orig |+++ tools/xenstore/xenstored_core.c -------------------------- Patching file tools/xenstore/xenstored_core.c using Plan A... Hunk #1 succeeded at 1087. Hunk #2 succeeded at 1167. Hunk #3 succeeded at 1211. Hmm... The next patch looks like a unified diff to me... The text leading up to this was: -------------------------- |diff --git a/tools/xenstore/xenstored_watch.c b/tools/xenstore/xenstored_watch.c |index f2f1bed47cc6..f0bbfe7a6dc6 100644 |--- tools/xenstore/xenstored_watch.c.orig |+++ tools/xenstore/xenstored_watch.c -------------------------- Patching file tools/xenstore/xenstored_watch.c using Plan A... Hunk #1 succeeded at 77. Hunk #2 succeeded at 121. Hmm... The next patch looks like a unified diff to me... The text leading up to this was: -------------------------- |diff --git a/tools/xenstore/xenstored_watch.h b/tools/xenstore/xenstored_watch.h |index c72ea6a68542..54d4ea7e0d41 100644 |--- tools/xenstore/xenstored_watch.h.orig |+++ tools/xenstore/xenstored_watch.h -------------------------- Patching file tools/xenstore/xenstored_watch.h using Plan A... Hunk #1 succeeded at 25. Hmm... The next patch looks like a unified diff to me... The text leading up to this was: -------------------------- |-- |2.17.1 | |From 6ca2e14b43aecc79effc1a0cd528a4aceef44d42 Mon Sep 17 00:00:00 2001 |From: Juergen Gross |Date: Thu, 11 Jun 2020 16:12:43 +0200 |Subject: [PATCH 07/10] tools/xenstore: fire watches only when removing a | specific node | |Instead of firing all watches for removing a subtree in one go, do so |only when the related node is being removed. | |The watches for the top-most node being removed include all watches |including that node, while watches for nodes below that are only fired |if they are matching exactly. This avoids firing any watch more than |once when removing a subtree. | |This is part of XSA-115. | |Signed-off-by: Juergen Gross |Reviewed-by: Julien Grall |Reviewed-by: Paul Durrant |--- | tools/xenstore/xenstored_core.c | 11 ++++++----- | tools/xenstore/xenstored_watch.c | 13 ++++++++----- | tools/xenstore/xenstored_watch.h | 4 ++-- | 3 files changed, 16 insertions(+), 12 deletions(-) | |diff --git a/tools/xenstore/xenstored_core.c b/tools/xenstore/xenstored_core.c |index 1cb729a2cd5f..d7c025616ead 100644 |--- tools/xenstore/xenstored_core.c.orig |+++ tools/xenstore/xenstored_core.c -------------------------- Patching file tools/xenstore/xenstored_core.c using Plan A... Hunk #1 succeeded at 1118. Hunk #2 succeeded at 1131. Hunk #3 succeeded at 1143. Hunk #4 succeeded at 1173. Hmm... The next patch looks like a unified diff to me... The text leading up to this was: -------------------------- |diff --git a/tools/xenstore/xenstored_watch.c b/tools/xenstore/xenstored_watch.c |index f0bbfe7a6dc6..3836675459fa 100644 |--- tools/xenstore/xenstored_watch.c.orig |+++ tools/xenstore/xenstored_watch.c -------------------------- Patching file tools/xenstore/xenstored_watch.c using Plan A... Hunk #1 succeeded at 122. Hunk #2 succeeded at 134. Hmm... The next patch looks like a unified diff to me... The text leading up to this was: -------------------------- |diff --git a/tools/xenstore/xenstored_watch.h b/tools/xenstore/xenstored_watch.h |index 54d4ea7e0d41..1b3c80d3dda1 100644 |--- tools/xenstore/xenstored_watch.h.orig |+++ tools/xenstore/xenstored_watch.h -------------------------- Patching file tools/xenstore/xenstored_watch.h using Plan A... Hunk #1 succeeded at 24. Hmm... The next patch looks like a unified diff to me... The text leading up to this was: -------------------------- |-- |2.17.1 | |From 2d4f410899bf59e112c107f371c3d164f8a592f8 Mon Sep 17 00:00:00 2001 |From: Juergen Gross |Date: Thu, 11 Jun 2020 16:12:44 +0200 |Subject: [PATCH 08/10] tools/xenstore: introduce node_perms structure | |There are several places in xenstored using a permission array and the |size of that array. Introduce a new struct node_perms containing both. | |This is part of XSA-115. | |Signed-off-by: Juergen Gross |Acked-by: Julien Grall |Reviewed-by: Paul Durrant |--- | tools/xenstore/xenstored_core.c | 79 +++++++++++++++---------------- | tools/xenstore/xenstored_core.h | 8 +++- | tools/xenstore/xenstored_domain.c | 12 ++--- | 3 files changed, 50 insertions(+), 49 deletions(-) | |diff --git a/tools/xenstore/xenstored_core.c b/tools/xenstore/xenstored_core.c |index d7c025616ead..fe9943113b9f 100644 |--- tools/xenstore/xenstored_core.c.orig |+++ tools/xenstore/xenstored_core.c -------------------------- Patching file tools/xenstore/xenstored_core.c using Plan A... Hunk #1 succeeded at 401. Hunk #2 succeeded at 425. Hunk #3 succeeded at 437. Hunk #4 succeeded at 469. Hunk #5 succeeded at 478. Hunk #6 succeeded at 534. Hunk #7 succeeded at 580. Hunk #8 succeeded at 756. Hunk #9 succeeded at 943. Hunk #10 succeeded at 1226. Hunk #11 succeeded at 1237. Hunk #12 succeeded at 1253. Hunk #13 succeeded at 1542. Hmm... The next patch looks like a unified diff to me... The text leading up to this was: -------------------------- |diff --git a/tools/xenstore/xenstored_core.h b/tools/xenstore/xenstored_core.h |index 3cb1c235a101..193d93142636 100644 |--- tools/xenstore/xenstored_core.h.orig |+++ tools/xenstore/xenstored_core.h -------------------------- Patching file tools/xenstore/xenstored_core.h using Plan A... Hunk #1 succeeded at 111 (offset 2 lines). Hunk #2 succeeded at 127 (offset 2 lines). Hmm... The next patch looks like a unified diff to me... The text leading up to this was: -------------------------- |diff --git a/tools/xenstore/xenstored_domain.c b/tools/xenstore/xenstored_domain.c |index 0e2926e2a3d0..dc51cdfa9aa7 100644 |--- tools/xenstore/xenstored_domain.c.orig |+++ tools/xenstore/xenstored_domain.c -------------------------- Patching file tools/xenstore/xenstored_domain.c using Plan A... Hunk #1 succeeded at 662 (offset 5 lines). Hunk #2 succeeded at 688 (offset 5 lines). Hmm... The next patch looks like a unified diff to me... The text leading up to this was: -------------------------- |-- |2.17.1 | |From cddf74031b3c8a108e8fd7db0bf56e9c2809d3e2 Mon Sep 17 00:00:00 2001 |From: Juergen Gross |Date: Thu, 11 Jun 2020 16:12:45 +0200 |Subject: [PATCH 09/10] tools/xenstore: allow special watches for privileged | callers only | |The special watches "@introduceDomain" and "@releaseDomain" should be |allowed for privileged callers only, as they allow to gain information |about presence of other guests on the host. So send watch events for |those watches via privileged connections only. | |In order to allow for disaggregated setups where e.g. driver domains |need to make use of those special watches add support for calling |"set permissions" for those special nodes, too. | |This is part of XSA-115. | |Signed-off-by: Juergen Gross |Reviewed-by: Julien Grall |Reviewed-by: Paul Durrant |--- | docs/misc/xenstore.txt | 5 +++ | tools/xenstore/xenstored_core.c | 27 ++++++++------ | tools/xenstore/xenstored_core.h | 2 ++ | tools/xenstore/xenstored_domain.c | 60 +++++++++++++++++++++++++++++++ | tools/xenstore/xenstored_domain.h | 5 +++ | tools/xenstore/xenstored_watch.c | 4 +++ | 6 files changed, 93 insertions(+), 10 deletions(-) | |diff --git a/docs/misc/xenstore.txt b/docs/misc/xenstore.txt |index 6f8569d5760f..32969eb3fecd 100644 |--- docs/misc/xenstore.txt.orig |+++ docs/misc/xenstore.txt -------------------------- Patching file docs/misc/xenstore.txt using Plan A... Hunk #1 succeeded at 161 (offset -9 lines). Hunk #2 succeeded at 188 (offset -9 lines). Hmm... The next patch looks like a unified diff to me... The text leading up to this was: -------------------------- |diff --git a/tools/xenstore/xenstored_core.c b/tools/xenstore/xenstored_core.c |index fe9943113b9f..720bec269dd3 100644 |--- tools/xenstore/xenstored_core.c.orig |+++ tools/xenstore/xenstored_core.c -------------------------- Patching file tools/xenstore/xenstored_core.c using Plan A... Hunk #1 succeeded at 468. Hunk #2 succeeded at 1245. Hmm... The next patch looks like a unified diff to me... The text leading up to this was: -------------------------- |diff --git a/tools/xenstore/xenstored_core.h b/tools/xenstore/xenstored_core.h |index 193d93142636..f3da6bbc943d 100644 |--- tools/xenstore/xenstored_core.h.orig |+++ tools/xenstore/xenstored_core.h -------------------------- Patching file tools/xenstore/xenstored_core.h using Plan A... Hunk #1 succeeded at 167 (offset 2 lines). Hmm... The next patch looks like a unified diff to me... The text leading up to this was: -------------------------- |diff --git a/tools/xenstore/xenstored_domain.c b/tools/xenstore/xenstored_domain.c |index dc51cdfa9aa7..7afabe0ae084 100644 |--- tools/xenstore/xenstored_domain.c.orig |+++ tools/xenstore/xenstored_domain.c -------------------------- Patching file tools/xenstore/xenstored_domain.c using Plan A... Hunk #1 succeeded at 41. Hunk #2 succeeded at 597 (offset 5 lines). Hunk #3 succeeded at 671 (offset 5 lines). Hmm... The next patch looks like a unified diff to me... The text leading up to this was: -------------------------- |diff --git a/tools/xenstore/xenstored_domain.h b/tools/xenstore/xenstored_domain.h |index 56ae01597475..259183962a9c 100644 |--- tools/xenstore/xenstored_domain.h.orig |+++ tools/xenstore/xenstored_domain.h -------------------------- Patching file tools/xenstore/xenstored_domain.h using Plan A... Hunk #1 succeeded at 65. Hmm... The next patch looks like a unified diff to me... The text leading up to this was: -------------------------- |diff --git a/tools/xenstore/xenstored_watch.c b/tools/xenstore/xenstored_watch.c |index 3836675459fa..f4e289362eb6 100644 |--- tools/xenstore/xenstored_watch.c.orig |+++ tools/xenstore/xenstored_watch.c -------------------------- Patching file tools/xenstore/xenstored_watch.c using Plan A... Hunk #1 succeeded at 133. Hmm... The next patch looks like a unified diff to me... The text leading up to this was: -------------------------- |-- |2.17.1 | |From e57b7687b43b033fe45e755e285efbe67bc71921 Mon Sep 17 00:00:00 2001 |From: Juergen Gross |Date: Thu, 11 Jun 2020 16:12:46 +0200 |Subject: [PATCH 10/10] tools/xenstore: avoid watch events for nodes without | access | |Today watch events are sent regardless of the access rights of the |node the event is sent for. This enables any guest to e.g. setup a |watch for "/" in order to have a detailed record of all Xenstore |modifications. | |Modify that by sending only watch events for nodes that the watcher |has a chance to see otherwise (either via direct reads or by querying |the children of a node). This includes cases where the visibility of |a node for a watcher is changing (permissions being removed). | |This is part of XSA-115. | |Signed-off-by: Juergen Gross |[julieng: Handle rebase conflict] |Reviewed-by: Julien Grall |Reviewed-by: Paul Durrant |--- | tools/xenstore/xenstored_core.c | 28 +++++----- | tools/xenstore/xenstored_core.h | 15 ++++-- | tools/xenstore/xenstored_domain.c | 6 +-- | tools/xenstore/xenstored_transaction.c | 21 +++++++- | tools/xenstore/xenstored_watch.c | 75 +++++++++++++++++++------- | tools/xenstore/xenstored_watch.h | 2 +- | 6 files changed, 104 insertions(+), 43 deletions(-) | |diff --git a/tools/xenstore/xenstored_core.c b/tools/xenstore/xenstored_core.c |index 720bec269dd3..1c2845454560 100644 |--- tools/xenstore/xenstored_core.c.orig |+++ tools/xenstore/xenstored_core.c -------------------------- Patching file tools/xenstore/xenstored_core.c using Plan A... Hunk #1 succeeded at 358. Hunk #2 succeeded at 494. Hunk #3 succeeded at 566. Hunk #4 succeeded at 1056. Hunk #5 succeeded at 1078. Hunk #6 succeeded at 1141. Hunk #7 succeeded at 1165. Hunk #8 succeeded at 1238. Hunk #9 succeeded at 1274. Hunk #10 succeeded at 1282. Hmm... The next patch looks like a unified diff to me... The text leading up to this was: -------------------------- |diff --git a/tools/xenstore/xenstored_core.h b/tools/xenstore/xenstored_core.h |index f3da6bbc943d..e050b27cbdde 100644 |--- tools/xenstore/xenstored_core.h.orig |+++ tools/xenstore/xenstored_core.h -------------------------- Patching file tools/xenstore/xenstored_core.h using Plan A... Hunk #1 succeeded at 154 (offset 2 lines). Hunk #2 succeeded at 175 (offset 2 lines). Hmm... The next patch looks like a unified diff to me... The text leading up to this was: -------------------------- |diff --git a/tools/xenstore/xenstored_domain.c b/tools/xenstore/xenstored_domain.c |index 7afabe0ae084..711a11b18ad6 100644 |--- tools/xenstore/xenstored_domain.c.orig |+++ tools/xenstore/xenstored_domain.c -------------------------- Patching file tools/xenstore/xenstored_domain.c using Plan A... Hunk #1 succeeded at 214 (offset 8 lines). Hunk #2 succeeded at 241 (offset -3 lines). Hunk #3 succeeded at 418 (offset 8 lines). Hmm... The next patch looks like a unified diff to me... The text leading up to this was: -------------------------- |diff --git a/tools/xenstore/xenstored_transaction.c b/tools/xenstore/xenstored_transaction.c |index e87897573469..a7d8c5d475ec 100644 |--- tools/xenstore/xenstored_transaction.c.orig |+++ tools/xenstore/xenstored_transaction.c -------------------------- Patching file tools/xenstore/xenstored_transaction.c using Plan A... Hunk #1 succeeded at 114. Hunk #2 succeeded at 263. Hunk #3 succeeded at 380. Hmm... The next patch looks like a unified diff to me... The text leading up to this was: -------------------------- |diff --git a/tools/xenstore/xenstored_watch.c b/tools/xenstore/xenstored_watch.c |index f4e289362eb6..71c108ea99f1 100644 |--- tools/xenstore/xenstored_watch.c.orig |+++ tools/xenstore/xenstored_watch.c -------------------------- Patching file tools/xenstore/xenstored_watch.c using Plan A... Hunk #1 succeeded at 85. Hunk #2 succeeded at 101. Hunk #3 succeeded at 166. Hmm... The next patch looks like a unified diff to me... The text leading up to this was: -------------------------- |diff --git a/tools/xenstore/xenstored_watch.h b/tools/xenstore/xenstored_watch.h |index 1b3c80d3dda1..03094374f379 100644 |--- tools/xenstore/xenstored_watch.h.orig |+++ tools/xenstore/xenstored_watch.h -------------------------- Patching file tools/xenstore/xenstored_watch.h using Plan A... Hunk #1 succeeded at 26. Hmm... Ignoring the trailing garbage. done => Verifying /amd/pkgsrc/CHROOT/P/pkgsrc/sysutils/xentools411/patches/patch-XSA115-o => Applying pkgsrc patch /amd/pkgsrc/CHROOT/P/pkgsrc/sysutils/xentools411/patches/patch-XSA115-o Hmm... Looks like a unified diff to me... The text leading up to this was: -------------------------- |$NetBSD: patch-XSA115-o,v 1.1 2020/12/17 16:48:12 bouyer Exp $ | |From: =?UTF-8?q?Edwin=20T=C3=B6r=C3=B6k?= |Subject: tools/ocaml/xenstored: ignore transaction id for [un]watch |MIME-Version: 1.0 |Content-Type: text/plain; charset=UTF-8 |Content-Transfer-Encoding: 8bit | |Instead of ignoring the transaction id for XS_WATCH and XS_UNWATCH |commands as it is documented in docs/misc/xenstore.txt, it is tested |for validity today. | |Really ignore the transaction id for XS_WATCH and XS_UNWATCH. | |This is part of XSA-115. | |Signed-off-by: Edwin Török |Acked-by: Christian Lindig |Reviewed-by: Andrew Cooper | |diff --git a/tools/ocaml/xenstored/process.ml b/tools/ocaml/xenstored/process.ml |index 74c69f869c..0a0e43d1f0 100644 |--- tools/ocaml/xenstored/process.ml.orig |+++ tools/ocaml/xenstored/process.ml -------------------------- Patching file tools/ocaml/xenstored/process.ml using Plan A... Hunk #1 succeeded at 492. Hmm... The next patch looks like a unified diff to me... The text leading up to this was: -------------------------- |From: =?UTF-8?q?Edwin=20T=C3=B6r=C3=B6k?= |Subject: tools/ocaml/xenstored: check privilege for XS_IS_DOMAIN_INTRODUCED |MIME-Version: 1.0 |Content-Type: text/plain; charset=UTF-8 |Content-Transfer-Encoding: 8bit | |The Xenstore command XS_IS_DOMAIN_INTRODUCED should be possible for privileged |domains only (the only user in the tree is the xenpaging daemon). | |This is part of XSA-115. | |Signed-off-by: Edwin Török |Acked-by: Christian Lindig |Reviewed-by: Andrew Cooper | |diff --git a/tools/ocaml/xenstored/process.ml b/tools/ocaml/xenstored/process.ml |index 0a0e43d1f0..f374abe998 100644 |--- tools/ocaml/xenstored/process.ml.orig |+++ tools/ocaml/xenstored/process.ml -------------------------- Patching file tools/ocaml/xenstored/process.ml using Plan A... Hunk #1 succeeded at 166. Hmm... The next patch looks like a unified diff to me... The text leading up to this was: -------------------------- |From: =?UTF-8?q?Edwin=20T=C3=B6r=C3=B6k?= |Subject: tools/ocaml/xenstored: unify watch firing |MIME-Version: 1.0 |Content-Type: text/plain; charset=UTF-8 |Content-Transfer-Encoding: 8bit | |This will make it easier insert additional checks in a follow-up patch. |All watches are now fired from a single function. | |This is part of XSA-115. | |Signed-off-by: Edwin Török |Acked-by: Christian Lindig |Reviewed-by: Andrew Cooper | |diff --git a/tools/ocaml/xenstored/connection.ml b/tools/ocaml/xenstored/connection.ml |index be9c62f27f..d7432c6597 100644 |--- tools/ocaml/xenstored/connection.ml.orig |+++ tools/ocaml/xenstored/connection.ml -------------------------- Patching file tools/ocaml/xenstored/connection.ml using Plan A... Hunk #1 succeeded at 210. Hmm... The next patch looks like a unified diff to me... The text leading up to this was: -------------------------- |From: =?UTF-8?q?Edwin=20T=C3=B6r=C3=B6k?= |Subject: tools/ocaml/xenstored: introduce permissions for special watches |MIME-Version: 1.0 |Content-Type: text/plain; charset=UTF-8 |Content-Transfer-Encoding: 8bit | |The special watches "@introduceDomain" and "@releaseDomain" should be |allowed for privileged callers only, as they allow to gain information |about presence of other guests on the host. So send watch events for |those watches via privileged connections only. | |Start to address this by treating the special watches as regular nodes |in the tree, which gives them normal semantics for permissions. A later |change will restrict the handling, so that they can't be listed, etc. | |This is part of XSA-115. | |Signed-off-by: Edwin Török |Acked-by: Christian Lindig |Reviewed-by: Andrew Cooper | |diff --git a/tools/ocaml/xenstored/process.ml b/tools/ocaml/xenstored/process.ml |index f374abe998..c3c8ea2f4b 100644 |--- tools/ocaml/xenstored/process.ml.orig |+++ tools/ocaml/xenstored/process.ml -------------------------- Patching file tools/ocaml/xenstored/process.ml using Plan A... Hunk #1 succeeded at 414. Hunk #2 succeeded at 433. Hmm... The next patch looks like a unified diff to me... The text leading up to this was: -------------------------- |diff --git a/tools/ocaml/xenstored/store.ml b/tools/ocaml/xenstored/store.ml |index 6375a1c889..98d368d52f 100644 |--- tools/ocaml/xenstored/store.ml.orig |+++ tools/ocaml/xenstored/store.ml -------------------------- Patching file tools/ocaml/xenstored/store.ml using Plan A... Hunk #1 succeeded at 214. Hmm... The next patch looks like a unified diff to me... The text leading up to this was: -------------------------- |diff --git a/tools/ocaml/xenstored/utils.ml b/tools/ocaml/xenstored/utils.ml |index b252db799b..e8c9fe4e94 100644 |--- tools/ocaml/xenstored/utils.ml.orig |+++ tools/ocaml/xenstored/utils.ml -------------------------- Patching file tools/ocaml/xenstored/utils.ml using Plan A... Hunk #1 succeeded at 88. Hmm... The next patch looks like a unified diff to me... The text leading up to this was: -------------------------- |diff --git a/tools/ocaml/xenstored/xenstored.ml b/tools/ocaml/xenstored/xenstored.ml |index 49fc18bf19..32c3b1c0f1 100644 |--- tools/ocaml/xenstored/xenstored.ml.orig |+++ tools/ocaml/xenstored/xenstored.ml -------------------------- Patching file tools/ocaml/xenstored/xenstored.ml using Plan A... Hunk #1 succeeded at 287. Hunk #2 succeeded at 341. Hmm... The next patch looks like a unified diff to me... The text leading up to this was: -------------------------- |From: =?UTF-8?q?Edwin=20T=C3=B6r=C3=B6k?= |Subject: tools/ocaml/xenstored: avoid watch events for nodes without access |MIME-Version: 1.0 |Content-Type: text/plain; charset=UTF-8 |Content-Transfer-Encoding: 8bit | |Today watch events are sent regardless of the access rights of the |node the event is sent for. This enables any guest to e.g. setup a |watch for "/" in order to have a detailed record of all Xenstore |modifications. | |Modify that by sending only watch events for nodes that the watcher |has a chance to see otherwise (either via direct reads or by querying |the children of a node). This includes cases where the visibility of |a node for a watcher is changing (permissions being removed). | |Permissions for nodes are looked up either in the old (pre |transaction/command) or current trees (post transaction). If |permissions are changed multiple times in a transaction only the final |version is checked, because considering a transaction atomic the |individual permission changes would not be noticable to an outside |observer. | |Two trees are only needed for set_perms: here we can either notice the |node disappearing (if we loose permission), appearing |(if we gain permission), or changing (if we preserve permission). | |RM needs to only look at the old tree: in the new tree the node would be |gone, or could have different permissions if it was recreated (the |recreation would get its own watch fired). | |Inside a tree we lookup the watch path's parent, and then the watch path |child itself. This gets us 4 sets of permissions in worst case, and if |either of these allows a watch, then we permit it to fire. The |permission lookups are done without logging the failures, otherwise we'd |get confusing errors about permission denied for some paths, but a watch |still firing. The actual result is logged in xenstored-access log: | | 'w event ...' as usual if watch was fired | 'w notfired...' if the watch was not fired, together with path and | permission set to help in troubleshooting | |Adding a watch bypasses permission checks and always fires the watch |once immediately. This is consistent with the specification, and no |information is gained (the watch is fired both if the path exists or |doesn't, and both if you have or don't have access, i.e. it reflects the |path a domain gave it back to that domain). | |There are some semantic changes here: | | * Write+rm in a single transaction of the same path is unobservable | now via watches: both before and after a transaction the path | doesn't exist, thus both tree lookups come up with the empty | permission set, and noone, not even Dom0 can see this. This is | consistent with transaction atomicity though. | * Similar to above if we temporarily grant and then revoke permission | on a path any watches fired inbetween are ignored as well | * There is a new log event (w notfired) which shows the permission set | of the path, and the path. | * Watches on paths that a domain doesn't have access to are now not | seen, which is the purpose of the security fix. | |This is part of XSA-115. | |Signed-off-by: Edwin Török |Acked-by: Christian Lindig |Reviewed-by: Andrew Cooper | |diff --git a/tools/ocaml/xenstored/connection.ml b/tools/ocaml/xenstored/connection.ml |index d7432c6597..1389d971c2 100644 |--- tools/ocaml/xenstored/connection.ml.orig |+++ tools/ocaml/xenstored/connection.ml -------------------------- Patching file tools/ocaml/xenstored/connection.ml using Plan A... Hunk #1 succeeded at 196. Hunk #2 succeeded at 235. Hmm... The next patch looks like a unified diff to me... The text leading up to this was: -------------------------- |diff --git a/tools/ocaml/xenstored/connections.ml b/tools/ocaml/xenstored/connections.ml |index ae7692819d..020b875dcd 100644 |--- tools/ocaml/xenstored/connections.ml.orig |+++ tools/ocaml/xenstored/connections.ml -------------------------- Patching file tools/ocaml/xenstored/connections.ml using Plan A... Hunk #1 succeeded at 135. Hmm... The next patch looks like a unified diff to me... The text leading up to this was: -------------------------- |diff --git a/tools/ocaml/xenstored/logging.ml b/tools/ocaml/xenstored/logging.ml |index ea6033195d..99c7bc5e13 100644 |--- tools/ocaml/xenstored/logging.ml.orig |+++ tools/ocaml/xenstored/logging.ml -------------------------- Patching file tools/ocaml/xenstored/logging.ml using Plan A... Hunk #1 succeeded at 161. Hunk #2 succeeded at 206. Hunk #3 succeeded at 220. Hunk #4 succeeded at 335. Hmm... The next patch looks like a unified diff to me... The text leading up to this was: -------------------------- |diff --git a/tools/ocaml/xenstored/perms.ml b/tools/ocaml/xenstored/perms.ml |index 3ea193ea14..23b80aba3d 100644 |--- tools/ocaml/xenstored/perms.ml.orig |+++ tools/ocaml/xenstored/perms.ml -------------------------- Patching file tools/ocaml/xenstored/perms.ml using Plan A... Hunk #1 succeeded at 79. Hunk #2 succeeded at 132. Hunk #3 succeeded at 154. Hmm... The next patch looks like a unified diff to me... The text leading up to this was: -------------------------- |diff --git a/tools/ocaml/xenstored/process.ml b/tools/ocaml/xenstored/process.ml |index c3c8ea2f4b..3cd0097db9 100644 |--- tools/ocaml/xenstored/process.ml.orig |+++ tools/ocaml/xenstored/process.ml -------------------------- Patching file tools/ocaml/xenstored/process.ml using Plan A... Hunk #1 succeeded at 56. Hunk #2 succeeded at 207. Hunk #3 succeeded at 355. Hunk #4 succeeded at 396. Hunk #5 succeeded at 419. Hunk #6 succeeded at 438. Hunk #7 succeeded at 506. Hunk #8 succeeded at 549. Hmm... The next patch looks like a unified diff to me... The text leading up to this was: -------------------------- |diff --git a/tools/ocaml/xenstored/transaction.ml b/tools/ocaml/xenstored/transaction.ml |index 23e7ccff1b..9e9e28db9b 100644 |--- tools/ocaml/xenstored/transaction.ml.orig |+++ tools/ocaml/xenstored/transaction.ml -------------------------- Patching file tools/ocaml/xenstored/transaction.ml using Plan A... Hunk #1 succeeded at 82. Hunk #2 succeeded at 124. Hunk #3 succeeded at 139. Hmm... The next patch looks like a unified diff to me... The text leading up to this was: -------------------------- |diff --git a/tools/ocaml/xenstored/xenstored.ml b/tools/ocaml/xenstored/xenstored.ml |index 32c3b1c0f1..e9f471846f 100644 |--- tools/ocaml/xenstored/xenstored.ml.orig |+++ tools/ocaml/xenstored/xenstored.ml -------------------------- Patching file tools/ocaml/xenstored/xenstored.ml using Plan A... Hunk #1 succeeded at 341. Hmm... The next patch looks like a unified diff to me... The text leading up to this was: -------------------------- |From: =?UTF-8?q?Edwin=20T=C3=B6r=C3=B6k?= |Subject: tools/ocaml/xenstored: add xenstored.conf flag to turn off watch | permission checks |MIME-Version: 1.0 |Content-Type: text/plain; charset=UTF-8 |Content-Transfer-Encoding: 8bit | |There are flags to turn off quotas and the permission system, so add one |that turns off the newly introduced watch permission checks as well. | |This is part of XSA-115. | |Signed-off-by: Edwin Török |Acked-by: Christian Lindig |Reviewed-by: Andrew Cooper | |diff --git a/tools/ocaml/xenstored/connection.ml b/tools/ocaml/xenstored/connection.ml |index 1389d971c2..698f721345 100644 |--- tools/ocaml/xenstored/connection.ml.orig |+++ tools/ocaml/xenstored/connection.ml -------------------------- Patching file tools/ocaml/xenstored/connection.ml using Plan A... Hunk #1 succeeded at 218. Hmm... The next patch looks like a unified diff to me... The text leading up to this was: -------------------------- |diff --git a/tools/ocaml/xenstored/oxenstored.conf.in b/tools/ocaml/xenstored/oxenstored.conf.in |index 6579b84448..d5d4f00de8 100644 |--- tools/ocaml/xenstored/oxenstored.conf.in.orig |+++ tools/ocaml/xenstored/oxenstored.conf.in -------------------------- Patching file tools/ocaml/xenstored/oxenstored.conf.in using Plan A... Hunk #1 succeeded at 44. Hmm... The next patch looks like a unified diff to me... The text leading up to this was: -------------------------- |diff --git a/tools/ocaml/xenstored/perms.ml b/tools/ocaml/xenstored/perms.ml |index 23b80aba3d..ee7fee6bda 100644 |--- tools/ocaml/xenstored/perms.ml.orig |+++ tools/ocaml/xenstored/perms.ml -------------------------- Patching file tools/ocaml/xenstored/perms.ml using Plan A... Hunk #1 succeeded at 20. Hunk #2 succeeded at 169. Hmm... The next patch looks like a unified diff to me... The text leading up to this was: -------------------------- |diff --git a/tools/ocaml/xenstored/xenstored.ml b/tools/ocaml/xenstored/xenstored.ml |index e9f471846f..30fc874327 100644 |--- tools/ocaml/xenstored/xenstored.ml.orig |+++ tools/ocaml/xenstored/xenstored.ml -------------------------- Patching file tools/ocaml/xenstored/xenstored.ml using Plan A... Hunk #1 succeeded at 95. done => Verifying /amd/pkgsrc/CHROOT/P/pkgsrc/sysutils/xentools411/patches/patch-XSA322-c => Applying pkgsrc patch /amd/pkgsrc/CHROOT/P/pkgsrc/sysutils/xentools411/patches/patch-XSA322-c Hmm... Looks like a unified diff to me... The text leading up to this was: -------------------------- |$NetBSD: patch-XSA322-c,v 1.1 2020/12/17 16:48:12 bouyer Exp $ | |From: Juergen Gross |Subject: tools/xenstore: revoke access rights for removed domains | |Access rights of Xenstore nodes are per domid. Unfortunately existing |granted access rights are not removed when a domain is being destroyed. |This means that a new domain created with the same domid will inherit |the access rights to Xenstore nodes from the previous domain(s) with |the same domid. | |This can be avoided by adding a generation counter to each domain. |The generation counter of the domain is set to the global generation |counter when a domain structure is being allocated. When reading or |writing a node all permissions of domains which are younger than the |node itself are dropped. This is done by flagging the related entry |as invalid in order to avoid modifying permissions in a way the user |could detect. | |A special case has to be considered: for a new domain the first |Xenstore entries are already written before the domain is officially |introduced in Xenstore. In order not to drop the permissions for the |new domain a domain struct is allocated even before introduction if |the hypervisor is aware of the domain. This requires adding another |bool "introduced" to struct domain in xenstored. In order to avoid |additional padding holes convert the shutdown flag to bool, too. | |As verifying permissions has its price regarding runtime add a new |quota for limiting the number of permissions an unprivileged domain |can set for a node. The default for that new quota is 5. | |This is part of XSA-322. | |Signed-off-by: Juergen Gross |Reviewed-by: Paul Durrant |Acked-by: Julien Grall | |diff --git a/tools/xenstore/include/xenstore_lib.h b/tools/xenstore/include/xenstore_lib.h |index 0ffbae9eb574..4c9b6d16858d 100644 |--- tools/xenstore/include/xenstore_lib.h.orig |+++ tools/xenstore/include/xenstore_lib.h -------------------------- Patching file tools/xenstore/include/xenstore_lib.h using Plan A... Hunk #1 succeeded at 34. Hmm... The next patch looks like a unified diff to me... The text leading up to this was: -------------------------- |diff --git a/tools/xenstore/xenstored_core.c b/tools/xenstore/xenstored_core.c |index 2a86c4aa5bce..4fbe5c759c1b 100644 |--- tools/xenstore/xenstored_core.c.orig |+++ tools/xenstore/xenstored_core.c -------------------------- Patching file tools/xenstore/xenstored_core.c using Plan A... Hunk #1 succeeded at 101. Hunk #2 succeeded at 408. Hunk #3 succeeded at 430. Hunk #4 succeeded at 492. Hunk #5 succeeded at 1256. Hunk #6 succeeded at 1933. Hunk #7 succeeded at 1954. Hunk #8 succeeded at 1977. Hunk #9 succeeded at 2019. Hmm... The next patch looks like a unified diff to me... The text leading up to this was: -------------------------- |diff --git a/tools/xenstore/xenstored_domain.c b/tools/xenstore/xenstored_domain.c |index 0b2f49ac7d4c..f5e7af46e8aa 100644 |--- tools/xenstore/xenstored_domain.c.orig |+++ tools/xenstore/xenstored_domain.c -------------------------- Patching file tools/xenstore/xenstored_domain.c using Plan A... Hunk #1 succeeded at 71. Hunk #2 succeeded at 206. Hunk #3 succeeded at 221 (offset -9 lines). Hunk #4 succeeded at 329 (offset 6 lines). Hunk #5 succeeded at 438 (offset -9 lines). Hunk #6 succeeded at 578 (offset 6 lines). Hunk #7 succeeded at 707 (offset -9 lines). Hunk #8 succeeded at 806 (offset 6 lines). Hmm... The next patch looks like a unified diff to me... The text leading up to this was: -------------------------- |diff --git a/tools/xenstore/xenstored_domain.h b/tools/xenstore/xenstored_domain.h |index 259183962a9c..5e00087206c7 100644 |--- tools/xenstore/xenstored_domain.h.orig |+++ tools/xenstore/xenstored_domain.h -------------------------- Patching file tools/xenstore/xenstored_domain.h using Plan A... Hunk #1 succeeded at 56. Hmm... The next patch looks like a unified diff to me... The text leading up to this was: -------------------------- |diff --git a/tools/xenstore/xenstored_transaction.c b/tools/xenstore/xenstored_transaction.c |index 36793b9b1af3..9fcb4c9ba986 100644 |--- tools/xenstore/xenstored_transaction.c.orig |+++ tools/xenstore/xenstored_transaction.c -------------------------- Patching file tools/xenstore/xenstored_transaction.c using Plan A... Hunk #1 succeeded at 47. Hunk #2 succeeded at 166. Hunk #3 succeeded at 242. Hunk #4 succeeded at 379. Hunk #5 succeeded at 467. Hmm... The next patch looks like a unified diff to me... The text leading up to this was: -------------------------- |diff --git a/tools/xenstore/xenstored_transaction.h b/tools/xenstore/xenstored_transaction.h |index 3386bac56508..43a162bea3f3 100644 |--- tools/xenstore/xenstored_transaction.h.orig |+++ tools/xenstore/xenstored_transaction.h -------------------------- Patching file tools/xenstore/xenstored_transaction.h using Plan A... Hunk #1 succeeded at 27. Hmm... The next patch looks like a unified diff to me... The text leading up to this was: -------------------------- |diff --git a/tools/xenstore/xs_lib.c b/tools/xenstore/xs_lib.c |index 3e43f8809d42..d407d5713aff 100644 |--- tools/xenstore/xs_lib.c.orig |+++ tools/xenstore/xs_lib.c -------------------------- Patching file tools/xenstore/xs_lib.c using Plan A... Hunk #1 succeeded at 152. Hmm... Ignoring the trailing garbage. done => Verifying /amd/pkgsrc/CHROOT/P/pkgsrc/sysutils/xentools411/patches/patch-XSA322-o => Applying pkgsrc patch /amd/pkgsrc/CHROOT/P/pkgsrc/sysutils/xentools411/patches/patch-XSA322-o Hmm... Looks like a unified diff to me... The text leading up to this was: -------------------------- |$NetBSD: patch-XSA322-o,v 1.1 2020/12/17 16:48:12 bouyer Exp $ | |From: =?UTF-8?q?Edwin=20T=C3=B6r=C3=B6k?= |Subject: tools/ocaml/xenstored: clean up permissions for dead domains |MIME-Version: 1.0 |Content-Type: text/plain; charset=UTF-8 |Content-Transfer-Encoding: 8bit | |domain ids are prone to wrapping (15-bits), and with sufficient number |of VMs in a reboot loop it is possible to trigger it. Xenstore entries |may linger after a domain dies, until a toolstack cleans it up. During |this time there is a window where a wrapped domid could access these |xenstore keys (that belonged to another VM). | |To prevent this do a cleanup when a domain dies: | * walk the entire xenstore tree and update permissions for all nodes | * if the dead domain had an ACL entry: remove it | * if the dead domain was the owner: change the owner to Dom0 | |This is done without quota checks or a transaction. Quota checks would |be a no-op (either the domain is dead, or it is Dom0 where they are not |enforced). Transactions are not needed, because this is all done |atomically by oxenstored's single thread. | |The xenstore entries owned by the dead domain are not deleted, because |that could confuse a toolstack / backends that are still bound to it |(or generate unexpected watch events). It is the responsibility of a |toolstack to remove the xenstore entries themselves. | |This is part of XSA-322. | |Signed-off-by: Edwin Török |Acked-by: Christian Lindig | |diff --git a/tools/ocaml/xenstored/perms.ml b/tools/ocaml/xenstored/perms.ml |index ee7fee6bda..e8a16221f8 100644 |--- tools/ocaml/xenstored/perms.ml.orig |+++ tools/ocaml/xenstored/perms.ml -------------------------- Patching file tools/ocaml/xenstored/perms.ml using Plan A... Hunk #1 succeeded at 58. Hmm... The next patch looks like a unified diff to me... The text leading up to this was: -------------------------- |diff --git a/tools/ocaml/xenstored/process.ml b/tools/ocaml/xenstored/process.ml |index 3cd0097db9..6a998f8764 100644 |--- tools/ocaml/xenstored/process.ml.orig |+++ tools/ocaml/xenstored/process.ml -------------------------- Patching file tools/ocaml/xenstored/process.ml using Plan A... Hunk #1 succeeded at 437. Hmm... The next patch looks like a unified diff to me... The text leading up to this was: -------------------------- |diff --git a/tools/ocaml/xenstored/store.ml b/tools/ocaml/xenstored/store.ml |index 0ce6f68e8d..101c094715 100644 |--- tools/ocaml/xenstored/store.ml.orig |+++ tools/ocaml/xenstored/store.ml -------------------------- Patching file tools/ocaml/xenstored/store.ml using Plan A... Hunk #1 succeeded at 89. Hunk #2 succeeded at 438 (offset 26 lines). Hmm... The next patch looks like a unified diff to me... The text leading up to this was: -------------------------- |diff --git a/tools/ocaml/xenstored/xenstored.ml b/tools/ocaml/xenstored/xenstored.ml |index 30fc874327..183dd2754b 100644 |--- tools/ocaml/xenstored/xenstored.ml.orig |+++ tools/ocaml/xenstored/xenstored.ml -------------------------- Patching file tools/ocaml/xenstored/xenstored.ml using Plan A... Hunk #1 succeeded at 340. done => Verifying /amd/pkgsrc/CHROOT/P/pkgsrc/sysutils/xentools411/patches/patch-XSA323 => Applying pkgsrc patch /amd/pkgsrc/CHROOT/P/pkgsrc/sysutils/xentools411/patches/patch-XSA323 Hmm... Looks like a unified diff to me... The text leading up to this was: -------------------------- |$NetBSD: patch-XSA323,v 1.1 2020/12/17 16:48:12 bouyer Exp $ | |From: =?UTF-8?q?Edwin=20T=C3=B6r=C3=B6k?= |Subject: tools/ocaml/xenstored: Fix path length validation |MIME-Version: 1.0 |Content-Type: text/plain; charset=UTF-8 |Content-Transfer-Encoding: 8bit | |Currently, oxenstored checks the length of paths against 1024, then |prepends "/local/domain/$DOMID/" to relative paths. This allows a domU |to create paths which can't subsequently be read by anyone, even dom0. |This also interferes with listing directories, etc. | |Define a new oxenstored.conf entry: quota-path-max, defaulting to 1024 |as before. For paths that begin with "/local/domain/$DOMID/" check the |relative path length against this quota. For all other paths check the |entire path length. | |This ensures that if the domid changes (and thus the length of a prefix |changes) a path that used to be valid stays valid (e.g. after a |live-migration). It also ensures that regardless how the client tries |to access a path (domid-relative or absolute) it will get consistent |results, since the limit is always applied on the final canonicalized |path. | |Delete the unused Domain.get_path to avoid it being confused with |Connection.get_path (which differs by a trailing slash only). | |Rewrite Util.path_validate to apply the appropriate length restriction |based on whether the path is relative or not. Remove the check for |connection_path being absolute, because it is not guest controlled data. | |This is part of XSA-323. | |Signed-off-by: Andrew Cooper |Signed-off-by: Edwin Török |Acked-by: Christian Lindig | |diff --git a/tools/ocaml/libs/xb/partial.ml b/tools/ocaml/libs/xb/partial.ml |index d4d1c7bdec..b6e2a716e2 100644 |--- tools/ocaml/libs/xb/partial.ml.orig |+++ tools/ocaml/libs/xb/partial.ml -------------------------- Patching file tools/ocaml/libs/xb/partial.ml using Plan A... Hunk #1 succeeded at 28. Hmm... The next patch looks like a unified diff to me... The text leading up to this was: -------------------------- |diff --git a/tools/ocaml/libs/xb/partial.mli b/tools/ocaml/libs/xb/partial.mli |index 359a75e88d..b9216018f5 100644 |--- tools/ocaml/libs/xb/partial.mli.orig |+++ tools/ocaml/libs/xb/partial.mli -------------------------- Patching file tools/ocaml/libs/xb/partial.mli using Plan A... Hunk #1 succeeded at 9. Hmm... The next patch looks like a unified diff to me... The text leading up to this was: -------------------------- |diff --git a/tools/ocaml/xenstored/define.ml b/tools/ocaml/xenstored/define.ml |index ea9e1b7620..ebe18b8e31 100644 |--- tools/ocaml/xenstored/define.ml.orig |+++ tools/ocaml/xenstored/define.ml -------------------------- Patching file tools/ocaml/xenstored/define.ml using Plan A... Hunk #1 succeeded at 32 (offset 1 line). Hmm... The next patch looks like a unified diff to me... The text leading up to this was: -------------------------- |diff --git a/tools/ocaml/xenstored/domain.ml b/tools/ocaml/xenstored/domain.ml |index aeb185ff7e..81cb59b8f1 100644 |--- tools/ocaml/xenstored/domain.ml.orig |+++ tools/ocaml/xenstored/domain.ml -------------------------- Patching file tools/ocaml/xenstored/domain.ml using Plan A... Hunk #1 succeeded at 38. Hmm... The next patch looks like a unified diff to me... The text leading up to this was: -------------------------- |diff --git a/tools/ocaml/xenstored/oxenstored.conf.in b/tools/ocaml/xenstored/oxenstored.conf.in |index f843482981..4ae48e42d4 100644 |--- tools/ocaml/xenstored/oxenstored.conf.in.orig |+++ tools/ocaml/xenstored/oxenstored.conf.in -------------------------- Patching file tools/ocaml/xenstored/oxenstored.conf.in using Plan A... Hunk #1 succeeded at 61. Hmm... The next patch looks like a unified diff to me... The text leading up to this was: -------------------------- |diff --git a/tools/ocaml/xenstored/utils.ml b/tools/ocaml/xenstored/utils.ml |index e8c9fe4e94..eb79bf0146 100644 |--- tools/ocaml/xenstored/utils.ml.orig |+++ tools/ocaml/xenstored/utils.ml -------------------------- Patching file tools/ocaml/xenstored/utils.ml using Plan A... Hunk #1 succeeded at 93. Hunk #2 succeeded at 101. Hmm... The next patch looks like a unified diff to me... The text leading up to this was: -------------------------- |diff --git a/tools/ocaml/xenstored/xenstored.ml b/tools/ocaml/xenstored/xenstored.ml |index ff9fbbbac2..39d6d767e4 100644 |--- tools/ocaml/xenstored/xenstored.ml.orig |+++ tools/ocaml/xenstored/xenstored.ml -------------------------- Patching file tools/ocaml/xenstored/xenstored.ml using Plan A... Hunk #1 succeeded at 102. done => Verifying /amd/pkgsrc/CHROOT/P/pkgsrc/sysutils/xentools411/patches/patch-XSA324 => Applying pkgsrc patch /amd/pkgsrc/CHROOT/P/pkgsrc/sysutils/xentools411/patches/patch-XSA324 Hmm... Looks like a unified diff to me... The text leading up to this was: -------------------------- |$NetBSD: patch-XSA324,v 1.1 2020/12/17 16:48:12 bouyer Exp $ | |From: Juergen Gross |Subject: tools/xenstore: drop watch event messages exceeding maximum size | |By setting a watch with a very large tag it is possible to trick |xenstored to send watch event messages exceeding the maximum allowed |payload size. This might in turn lead to a crash of xenstored as the |resulting error can cause dereferencing a NULL pointer in case there |is no active request being handled by the guest the watch event is |being sent to. | |Fix that by just dropping such watch events. Additionally modify the |error handling to test the pointer to be not NULL before dereferencing |it. | |This is XSA-324. | |Signed-off-by: Juergen Gross |Acked-by: Julien Grall | |diff --git a/tools/xenstore/xenstored_core.c b/tools/xenstore/xenstored_core.c |index 33f95dcf3c..3d74dbbb40 100644 |--- tools/xenstore/xenstored_core.c.orig |+++ tools/xenstore/xenstored_core.c -------------------------- Patching file tools/xenstore/xenstored_core.c using Plan A... Hunk #1 succeeded at 680 (offset 6 lines). Hmm... The next patch looks like a unified diff to me... The text leading up to this was: -------------------------- |diff --git a/tools/xenstore/xenstored_watch.c b/tools/xenstore/xenstored_watch.c |index 71c108ea99..9ff20690c0 100644 |--- tools/xenstore/xenstored_watch.c.orig |+++ tools/xenstore/xenstored_watch.c -------------------------- Patching file tools/xenstore/xenstored_watch.c using Plan A... Hunk #1 succeeded at 92. done => Verifying /amd/pkgsrc/CHROOT/P/pkgsrc/sysutils/xentools411/patches/patch-XSA325 => Applying pkgsrc patch /amd/pkgsrc/CHROOT/P/pkgsrc/sysutils/xentools411/patches/patch-XSA325 Hmm... Looks like a unified diff to me... The text leading up to this was: -------------------------- |$NetBSD: patch-XSA325,v 1.1 2020/12/17 16:48:12 bouyer Exp $ | |From: Harsha Shamsundara Havanur |Subject: tools/xenstore: Preserve bad client until they are destroyed | |XenStored will kill any connection that it thinks has misbehaved, |this is currently happening in two places: | * In `handle_input()` if the sanity check on the ring and the message | fails. | * In `handle_output()` when failing to write the response in the ring. | |As the domain structure is a child of the connection, XenStored will |destroy its view of the domain when killing the connection. This will |result in sending @releaseDomain event to all the watchers. | |As the watch event doesn't carry which domain has been released, |the watcher (such as XenStored) will generally go through the list of |domains registers and check if one of them is shutting down/dying. |In the case of a client misbehaving, the domain will likely to be |running, so no action will be performed. | |When the domain is effectively destroyed, XenStored will not be aware of |the domain anymore. So the watch event is not going to be sent. |By consequence, the watchers of the event will not release mappings |they may have on the domain. This will result in a zombie domain. | |In order to send @releaseDomain event at the correct time, we want |to keep the domain structure until the domain is effectively |shutting-down/dying. | |We also want to keep the connection around so we could possibly revive |the connection in the future. | |A new flag 'is_ignored' is added to mark whether a connection should be |ignored when checking if there are work to do. Additionally any |transactions, watches, buffers associated to the connection will be |freed as you can't do much with them (restarting the connection will |likely need a reset). | |As a side note, when the device model were running in a stubdomain, a |guest would have been able to introduce a use-after-free because there |is two parents for a guest connection. | |This is XSA-325. | |Reported-by: Pawel Wieczorkiewicz |Signed-off-by: Harsha Shamsundara Havanur |Signed-off-by: Julien Grall |Reviewed-by: Juergen Gross |Reviewed-by: Paul Durrant | |diff --git a/tools/xenstore/xenstored_core.c b/tools/xenstore/xenstored_core.c |index af3d17004b3f..27d8f15b6b76 100644 |--- tools/xenstore/xenstored_core.c.orig |+++ tools/xenstore/xenstored_core.c -------------------------- Patching file tools/xenstore/xenstored_core.c using Plan A... Hunk #1 succeeded at 1344 (offset -11 lines). Hunk #2 succeeded at 1428 (offset -11 lines). Hunk #3 succeeded at 1488 (offset -11 lines). Hunk #4 succeeded at 1511 (offset -11 lines). Hunk #5 succeeded at 2225 (offset 10 lines). Hunk #6 succeeded at 2218 (offset -11 lines). Hmm... The next patch looks like a unified diff to me... The text leading up to this was: -------------------------- |diff --git a/tools/xenstore/xenstored_core.h b/tools/xenstore/xenstored_core.h |index eb19b71f5f46..196a6fd2b0be 100644 |--- tools/xenstore/xenstored_core.h.orig |+++ tools/xenstore/xenstored_core.h -------------------------- Patching file tools/xenstore/xenstored_core.h using Plan A... Hunk #1 succeeded at 82 (offset 2 lines). Hmm... The next patch looks like a unified diff to me... The text leading up to this was: -------------------------- |diff --git a/tools/xenstore/xenstored_domain.c b/tools/xenstore/xenstored_domain.c |index dc635e9be30c..d5e1e3e9d42d 100644 |--- tools/xenstore/xenstored_domain.c.orig |+++ tools/xenstore/xenstored_domain.c -------------------------- Patching file tools/xenstore/xenstored_domain.c using Plan A... Hunk #1 succeeded at 295 (offset 9 lines). Hunk #2 succeeded at 316 (offset 9 lines). Hmm... Ignoring the trailing garbage. done => Verifying /amd/pkgsrc/CHROOT/P/pkgsrc/sysutils/xentools411/patches/patch-XSA330 => Applying pkgsrc patch /amd/pkgsrc/CHROOT/P/pkgsrc/sysutils/xentools411/patches/patch-XSA330 Hmm... Looks like a unified diff to me... The text leading up to this was: -------------------------- |$NetBSD: patch-XSA330,v 1.1 2020/12/17 16:48:12 bouyer Exp $ | |From: =?UTF-8?q?Edwin=20T=C3=B6r=C3=B6k?= |Subject: tools/ocaml/xenstored: delete watch from trie too when resetting | watches |MIME-Version: 1.0 |Content-Type: text/plain; charset=UTF-8 |Content-Transfer-Encoding: 8bit | |c/s f8c72b526129 "oxenstored: implement XS_RESET_WATCHES" from Xen 4.6 |introduced reset watches support in oxenstored by mirroring the change |in cxenstored. | |However the OCaml version has some additional data structures to |optimize watch firing, and just resetting the watches in one of the data |structures creates a security bug where a malicious guest kernel can |exceed its watch quota, driving oxenstored into OOM: | * create watches | * reset watches (this still keeps the watches lingering in another data | structure, using memory) | * create some more watches | * loop until oxenstored dies | |The guest kernel doesn't necessarily have to be malicious to trigger |this: | * if control/platform-feature-xs_reset_watches is set | * the guest kexecs (e.g. because it crashes) | * on boot more watches are set up | * this will slowly "leak" memory for watches in oxenstored, driving it | towards OOM. | |This is XSA-330. | |Fixes: f8c72b526129 ("oxenstored: implement XS_RESET_WATCHES") |Signed-off-by: Edwin Török |Acked-by: Christian Lindig |Reviewed-by: Andrew Cooper | |diff --git a/tools/ocaml/xenstored/connections.ml b/tools/ocaml/xenstored/connections.ml |index 020b875dcd..4e69de1d42 100644 |--- tools/ocaml/xenstored/connections.ml.orig |+++ tools/ocaml/xenstored/connections.ml -------------------------- Patching file tools/ocaml/xenstored/connections.ml using Plan A... Hunk #1 succeeded at 134. Hmm... The next patch looks like a unified diff to me... The text leading up to this was: -------------------------- |diff --git a/tools/ocaml/xenstored/process.ml b/tools/ocaml/xenstored/process.ml |index 6a998f8764..12ad66fce6 100644 |--- tools/ocaml/xenstored/process.ml.orig |+++ tools/ocaml/xenstored/process.ml -------------------------- Patching file tools/ocaml/xenstored/process.ml using Plan A... Hunk #1 succeeded at 179. done => Verifying /amd/pkgsrc/CHROOT/P/pkgsrc/sysutils/xentools411/patches/patch-XSA352 => Applying pkgsrc patch /amd/pkgsrc/CHROOT/P/pkgsrc/sysutils/xentools411/patches/patch-XSA352 Hmm... Looks like a unified diff to me... The text leading up to this was: -------------------------- |$NetBSD: patch-XSA352,v 1.1 2020/12/17 16:48:12 bouyer Exp $ | |From: =?UTF-8?q?Edwin=20T=C3=B6r=C3=B6k?= |Subject: tools/ocaml/xenstored: only Dom0 can change node owner |MIME-Version: 1.0 |Content-Type: text/plain; charset=UTF-8 |Content-Transfer-Encoding: 8bit | |Otherwise we can give quota away to another domain, either causing it to run |out of quota, or in case of Dom0 use unbounded amounts of memory and bypass |the quota system entirely. | |This was fixed in the C version of xenstored in 2006 (c/s db34d2aaa5f5, |predating the XSA process by 5 years). | |It was also fixed in the mirage version of xenstore in 2012, with a unit test |demonstrating the vulnerability: | | https://github.com/mirage/ocaml-xenstore/commit/6b91f3ac46b885d0530a51d57a9b3a57d64923a7 | https://github.com/mirage/ocaml-xenstore/commit/22ee5417c90b8fda905c38de0d534506152eace6 | |but possibly without realising that the vulnerability still affected the |in-tree oxenstored (added c/s f44af660412 in 2010). | |This is XSA-352. | |Signed-off-by: Edwin Török |Acked-by: Christian Lindig |Reviewed-by: Andrew Cooper | |diff --git a/tools/ocaml/xenstored/store.ml b/tools/ocaml/xenstored/store.ml |index 3b05128f1b..5f915f2bbe 100644 |--- tools/ocaml/xenstored/store.ml.orig |+++ tools/ocaml/xenstored/store.ml -------------------------- Patching file tools/ocaml/xenstored/store.ml using Plan A... Hunk #1 succeeded at 433 (offset 26 lines). done => Verifying /amd/pkgsrc/CHROOT/P/pkgsrc/sysutils/xentools411/patches/patch-XSA353 => Applying pkgsrc patch /amd/pkgsrc/CHROOT/P/pkgsrc/sysutils/xentools411/patches/patch-XSA353 Hmm... Looks like a unified diff to me... The text leading up to this was: -------------------------- |$NetBSD: patch-XSA353,v 1.1 2020/12/17 16:48:12 bouyer Exp $ | |From: =?UTF-8?q?Edwin=20T=C3=B6r=C3=B6k?= |Subject: tools/ocaml/xenstored: do permission checks on xenstore root |MIME-Version: 1.0 |Content-Type: text/plain; charset=UTF-8 |Content-Transfer-Encoding: 8bit | |This was lacking in a disappointing number of places. | |The xenstore root node is treated differently from all other nodes, because it |doesn't have a parent, and mutation requires changing the parent. | |Unfortunately this lead to open-coding the special case for root into every |single xenstore operation, and out of all the xenstore operations only read |did a permission check when handling the root node. | |This means that an unprivileged guest can: | | * xenstore-chmod / to its liking and subsequently write new arbitrary nodes | there (subject to quota) | * xenstore-rm -r / deletes almost the entire xenstore tree (xenopsd quickly | refills some, but you are left with a broken system) | * DIRECTORY on / lists all children when called through python | bindings (xenstore-ls stops at /local because it tries to list recursively) | * get-perms on / works too, but that is just a minor information leak | |Add the missing permission checks, but this should really be refactored to do |the root handling and permission checks on the node only once from a single |function, instead of getting it wrong nearly everywhere. | |This is XSA-353. | |Signed-off-by: Edwin Török |Acked-by: Christian Lindig |Reviewed-by: Andrew Cooper | |diff --git a/tools/ocaml/xenstored/store.ml b/tools/ocaml/xenstored/store.ml |index f299ec6461..92b6289b5e 100644 |--- tools/ocaml/xenstored/store.ml.orig |+++ tools/ocaml/xenstored/store.ml -------------------------- Patching file tools/ocaml/xenstored/store.ml using Plan A... Hunk #1 succeeded at 285 (offset 12 lines). Hunk #2 succeeded at 327 (offset 12 lines). Hunk #3 succeeded at 339 (offset 12 lines). done => Verifying /amd/pkgsrc/CHROOT/P/pkgsrc/sysutils/xentools411/patches/patch-always_inline => Applying pkgsrc patch /amd/pkgsrc/CHROOT/P/pkgsrc/sysutils/xentools411/patches/patch-always_inline Hmm... Looks like a unified diff to me... The text leading up to this was: -------------------------- |$NetBSD: patch-always_inline,v 1.1 2019/11/03 10:07:17 maya Exp $ | |Fix compilation issue with GCC>=8 and _FORTIFY_SOURCE. | | |From e8dfbc2962365ffa3d7ddcacaa5baaf4ed24b2af Mon Sep 17 00:00:00 2001 |From: Christopher Clark |Date: Tue, 25 Sep 2018 16:30:32 +0200 |Subject: [PATCH 1/1] fuzz, test x86_emulator: disable sse before including | always_inline fns | |Workaround for compiler rejection of SSE-using always_inlines defined before |SSE is disabled. | |Compiling with _FORTIFY_SOURCE or higher levels of optimization enabled |will always_inline several library fns (memset, memcpy, ...) |(with gcc 8.2.0 and glibc 2.28). | |In fuzz and x86_emulator test, the compiler is instructed not |to generate SSE instructions via: #pragma GCC target("no-sse") |because those registers are needed for use by the workload. | |The combination above causes compilation failure as the inline functions |use those instructions. This is resolved by reordering the inclusion of | and to after the pragma disabling SSE generation. | |It would be preferable to locate the no-sse pragma within x86-emulate.h at the |top of the file, prior to including any other headers; unfortunately doing so |before causes compilation failure due to declaration of 'atof' with: | "SSE register return with SSE disabled". |Fortunately there is no (known) current dependency on any always_inline |SSE-inclined function declared in or any of its dependencies, so the |pragma is therefore issued immediately after inclusion of with a |comment introduced to explain its location there. | |Add compile-time checks for unwanted prior inclusion of and |, which are the two headers that provide the library functions that |are handled with wrappers and listed within "x86-emulate.h" as ones "we think |might access any of the FPU state". |* Use standard-defined "EOF" macro to detect prior inclusion. |* Use "_STRING_H" (non-standardized guard macro) as best-effort | for detection of prior inclusion. This is non-universally | viable but will provide error output on common GLIBC systems, so | provides some defensive coverage. | |Adds conditional #include to x86-emulate.h because fwrite, printf, |etc. are referenced when WRAP has been defined. | |Signed-off-by: Christopher Clark |Reviewed-by: Jan Beulich |--- | tools/fuzz/x86_instruction_emulator/fuzz-emul.c | 10 +++++++-- | tools/tests/x86_emulator/wrappers.c | 1 - | tools/tests/x86_emulator/x86-emulate.h | 28 +++++++++++++++++++++++-- | 3 files changed, 34 insertions(+), 5 deletions(-) | |diff --git a/tools/fuzz/x86_instruction_emulator/fuzz-emul.c b/tools/fuzz/x86_instruction_emulator/fuzz-emul.c |index 03a2473cdb..0ffd0fbfe1 100644 |--- tools/fuzz/x86_instruction_emulator/fuzz-emul.c.orig |+++ tools/fuzz/x86_instruction_emulator/fuzz-emul.c -------------------------- Patching file tools/fuzz/x86_instruction_emulator/fuzz-emul.c using Plan A... Hunk #1 succeeded at 6. Hunk #2 succeeded at 14. Hmm... The next patch looks like a unified diff to me... The text leading up to this was: -------------------------- |diff --git a/tools/tests/x86_emulator/wrappers.c b/tools/tests/x86_emulator/wrappers.c |index d02013c4b1..eba7cc93c5 100644 |--- tools/tests/x86_emulator/wrappers.c.orig |+++ tools/tests/x86_emulator/wrappers.c -------------------------- Patching file tools/tests/x86_emulator/wrappers.c using Plan A... Hunk #1 succeeded at 1. Hmm... The next patch looks like a unified diff to me... The text leading up to this was: -------------------------- |diff --git a/tools/tests/x86_emulator/x86-emulate.h b/tools/tests/x86_emulator/x86-emulate.h |index b249e4673c..08dead32fd 100644 |--- tools/tests/x86_emulator/x86-emulate.h.orig |+++ tools/tests/x86_emulator/x86-emulate.h -------------------------- Patching file tools/tests/x86_emulator/x86-emulate.h using Plan A... Hunk #1 succeeded at 3. Hmm... Ignoring the trailing garbage. done => Verifying /amd/pkgsrc/CHROOT/P/pkgsrc/sysutils/xentools411/patches/patch-docs_man_xl-disk-configuration.pod.5 => Applying pkgsrc patch /amd/pkgsrc/CHROOT/P/pkgsrc/sysutils/xentools411/patches/patch-docs_man_xl-disk-configuration.pod.5 Hmm... Looks like a unified diff to me... The text leading up to this was: -------------------------- |$NetBSD: patch-docs_man_xl-disk-configuration.pod.5,v 1.1 2018/07/24 13:40:11 bouyer Exp $ | |--- docs/man/xl-disk-configuration.pod.5.orig 2018-04-23 16:19:11.000000000 +0200 |+++ docs/man/xl-disk-configuration.pod.5 2018-04-23 16:19:41.000000000 +0200 -------------------------- Patching file docs/man/xl-disk-configuration.pod.5 using Plan A... Hunk #1 succeeded at 257. done => Verifying /amd/pkgsrc/CHROOT/P/pkgsrc/sysutils/xentools411/patches/patch-docs_man_xl.cfg.pod.5.in => Applying pkgsrc patch /amd/pkgsrc/CHROOT/P/pkgsrc/sysutils/xentools411/patches/patch-docs_man_xl.cfg.pod.5.in Hmm... Looks like a unified diff to me... The text leading up to this was: -------------------------- |$NetBSD: patch-docs_man_xl.cfg.pod.5.in,v 1.1 2018/07/24 13:40:11 bouyer Exp $ | |--- docs/man/xl.cfg.pod.5.in.orig 2018-04-17 19:21:31.000000000 +0200 |+++ docs/man/xl.cfg.pod.5.in 2018-04-23 16:14:18.000000000 +0200 -------------------------- Patching file docs/man/xl.cfg.pod.5.in using Plan A... Hunk #1 succeeded at 4. Hunk #2 succeeded at 2623. done => Verifying /amd/pkgsrc/CHROOT/P/pkgsrc/sysutils/xentools411/patches/patch-docs_man_xl.conf.pod.5 => Applying pkgsrc patch /amd/pkgsrc/CHROOT/P/pkgsrc/sysutils/xentools411/patches/patch-docs_man_xl.conf.pod.5 Hmm... Looks like a unified diff to me... The text leading up to this was: -------------------------- |$NetBSD: patch-docs_man_xl.conf.pod.5,v 1.1 2018/07/24 13:40:11 bouyer Exp $ | |--- docs/man/xl.conf.pod.5.orig 2016-12-05 13:03:27.000000000 +0100 |+++ docs/man/xl.conf.pod.5 2017-03-24 17:37:53.000000000 +0100 -------------------------- Patching file docs/man/xl.conf.pod.5 using Plan A... Hunk #1 succeeded at 1. Hunk #2 succeeded at 95 (offset 12 lines). Hunk #3 succeeded at 121 (offset 12 lines). done => Verifying /amd/pkgsrc/CHROOT/P/pkgsrc/sysutils/xentools411/patches/patch-docs_man_xl.pod.1.in => Applying pkgsrc patch /amd/pkgsrc/CHROOT/P/pkgsrc/sysutils/xentools411/patches/patch-docs_man_xl.pod.1.in Hmm... Looks like a unified diff to me... The text leading up to this was: -------------------------- |$NetBSD: patch-docs_man_xl.pod.1.in,v 1.1 2018/07/24 13:40:11 bouyer Exp $ | |--- docs/man/xl.pod.1.in.orig 2017-03-24 17:39:08.000000000 +0100 |+++ docs/man/xl.pod.1.in 2017-03-24 17:40:12.000000000 +0100 -------------------------- Patching file docs/man/xl.pod.1.in using Plan A... Hunk #1 succeeded at 33. Hunk #2 succeeded at 50. Hunk #3 succeeded at 175. Hunk #4 succeeded at 540 (offset 12 lines). done => Verifying /amd/pkgsrc/CHROOT/P/pkgsrc/sysutils/xentools411/patches/patch-docs_man_xlcpupool.cfg.pod.5 => Applying pkgsrc patch /amd/pkgsrc/CHROOT/P/pkgsrc/sysutils/xentools411/patches/patch-docs_man_xlcpupool.cfg.pod.5 Hmm... Looks like a unified diff to me... The text leading up to this was: -------------------------- |$NetBSD: patch-docs_man_xlcpupool.cfg.pod.5,v 1.1 2018/07/24 13:40:11 bouyer Exp $ | |--- docs/man/xlcpupool.cfg.pod.5.orig 2017-03-24 17:41:23.000000000 +0100 |+++ docs/man/xlcpupool.cfg.pod.5 2017-03-24 17:41:50.000000000 +0100 -------------------------- Patching file docs/man/xlcpupool.cfg.pod.5 using Plan A... Hunk #1 succeeded at 4. Hunk #2 succeeded at 117. done => Verifying /amd/pkgsrc/CHROOT/P/pkgsrc/sysutils/xentools411/patches/patch-docs_misc_block-scripts.txt => Applying pkgsrc patch /amd/pkgsrc/CHROOT/P/pkgsrc/sysutils/xentools411/patches/patch-docs_misc_block-scripts.txt Hmm... Looks like a unified diff to me... The text leading up to this was: -------------------------- |$NetBSD: patch-docs_misc_block-scripts.txt,v 1.1 2018/07/24 13:40:11 bouyer Exp $ | |--- ./docs/misc/block-scripts.txt.orig 2018-04-23 16:23:34.000000000 +0200 |+++ ./docs/misc/block-scripts.txt 2018-04-23 16:23:39.000000000 +0200 -------------------------- Patching file ./docs/misc/block-scripts.txt using Plan A... Hunk #1 succeeded at 18. done => Verifying /amd/pkgsrc/CHROOT/P/pkgsrc/sysutils/xentools411/patches/patch-extras_mini-os_Config.mk => Applying pkgsrc patch /amd/pkgsrc/CHROOT/P/pkgsrc/sysutils/xentools411/patches/patch-extras_mini-os_Config.mk Hmm... Looks like a unified diff to me... The text leading up to this was: -------------------------- |--- extras/mini-os/Config.mk.orig 2017-03-27 19:37:46.000000000 +0200 |+++ extras/mini-os/Config.mk 2017-03-27 19:38:46.000000000 +0200 -------------------------- Patching file extras/mini-os/Config.mk using Plan A... Hunk #1 succeeded at 106. done => Verifying /amd/pkgsrc/CHROOT/P/pkgsrc/sysutils/xentools411/patches/patch-extras_mini-os_arch_x86_arch.mk => Applying pkgsrc patch /amd/pkgsrc/CHROOT/P/pkgsrc/sysutils/xentools411/patches/patch-extras_mini-os_arch_x86_arch.mk Hmm... Looks like a unified diff to me... The text leading up to this was: -------------------------- |$NetBSD: patch-extras_mini-os_arch_x86_arch.mk,v 1.1 2018/07/24 13:40:11 bouyer Exp $ | |--- extras/mini-os/arch/x86/arch.mk.orig 2017-03-27 16:41:50.000000000 +0200 |+++ extras/mini-os/arch/x86/arch.mk 2017-03-27 16:43:37.000000000 +0200 -------------------------- Patching file extras/mini-os/arch/x86/arch.mk using Plan A... Hunk #1 succeeded at 7. Hunk #2 succeeded at 17. done => Verifying /amd/pkgsrc/CHROOT/P/pkgsrc/sysutils/xentools411/patches/patch-extras_mini-os_include_fcntl.h => Applying pkgsrc patch /amd/pkgsrc/CHROOT/P/pkgsrc/sysutils/xentools411/patches/patch-extras_mini-os_include_fcntl.h Hmm... Looks like a unified diff to me... The text leading up to this was: -------------------------- |$NetBSD: patch-extras_mini-os_include_fcntl.h,v 1.1 2018/07/24 13:40:11 bouyer Exp $ |--- extras/mini-os/include/fcntl.h.orig 2017-03-28 19:38:01.000000000 +0200 |+++ extras/mini-os/include/fcntl.h 2017-03-28 19:38:12.000000000 +0200 -------------------------- Patching file extras/mini-os/include/fcntl.h using Plan A... Hunk #1 succeeded at 93. done => Verifying /amd/pkgsrc/CHROOT/P/pkgsrc/sysutils/xentools411/patches/patch-extras_mini-os_include_time.h => Applying pkgsrc patch /amd/pkgsrc/CHROOT/P/pkgsrc/sysutils/xentools411/patches/patch-extras_mini-os_include_time.h Hmm... Looks like a unified diff to me... The text leading up to this was: -------------------------- |$NetBSD: patch-extras_mini-os_include_time.h,v 1.1 2018/07/24 13:40:11 bouyer Exp $ |--- extras/mini-os/include/time.h.orig 2016-09-28 13:09:38.000000000 +0200 |+++ extras/mini-os/include/time.h 2017-03-28 20:00:33.000000000 +0200 -------------------------- Patching file extras/mini-os/include/time.h using Plan A... Hunk #1 succeeded at 48. done => Verifying /amd/pkgsrc/CHROOT/P/pkgsrc/sysutils/xentools411/patches/patch-extras_mini-os_lib_sys.c => Applying pkgsrc patch /amd/pkgsrc/CHROOT/P/pkgsrc/sysutils/xentools411/patches/patch-extras_mini-os_lib_sys.c Hmm... Looks like a unified diff to me... The text leading up to this was: -------------------------- |$NetBSD: patch-extras_mini-os_lib_sys.c,v 1.1 2018/07/24 13:40:11 bouyer Exp $ | | |--- extras/mini-os/lib/sys.c.orig 2017-10-20 12:50:35.000000000 +0200 |+++ extras/mini-os/lib/sys.c 2018-04-23 15:28:25.000000000 +0200 -------------------------- Patching file extras/mini-os/lib/sys.c using Plan A... Hunk #1 succeeded at 18. done => Verifying /amd/pkgsrc/CHROOT/P/pkgsrc/sysutils/xentools411/patches/patch-extras_mini-os_lock.c => Applying pkgsrc patch /amd/pkgsrc/CHROOT/P/pkgsrc/sysutils/xentools411/patches/patch-extras_mini-os_lock.c Hmm... Looks like a unified diff to me... The text leading up to this was: -------------------------- |--- extras/mini-os/lock.c.orig 2017-03-28 12:14:33.000000000 +0200 |+++ extras/mini-os/lock.c 2017-03-28 12:14:43.000000000 +0200 -------------------------- Patching file extras/mini-os/lock.c using Plan A... Hunk #1 succeeded at 4. done => Verifying /amd/pkgsrc/CHROOT/P/pkgsrc/sysutils/xentools411/patches/patch-m4_paths.m4 => Applying pkgsrc patch /amd/pkgsrc/CHROOT/P/pkgsrc/sysutils/xentools411/patches/patch-m4_paths.m4 Hmm... Looks like a unified diff to me... The text leading up to this was: -------------------------- |$NetBSD: patch-m4_paths.m4,v 1.1 2018/07/24 13:40:11 bouyer Exp $ | |--- m4/paths.m4.orig |+++ m4/paths.m4 -------------------------- Patching file m4/paths.m4 using Plan A... Hunk #1 succeeded at 141 (offset 6 lines). done => Verifying /amd/pkgsrc/CHROOT/P/pkgsrc/sysutils/xentools411/patches/patch-tools_Makefile => Applying pkgsrc patch /amd/pkgsrc/CHROOT/P/pkgsrc/sysutils/xentools411/patches/patch-tools_Makefile Hmm... Looks like a unified diff to me... The text leading up to this was: -------------------------- |$NetBSD: patch-tools_Makefile,v 1.2 2019/12/18 13:37:39 bouyer Exp $ | |--- tools/Makefile.orig 2019-11-29 10:15:18.000000000 +0100 |+++ tools/Makefile 2019-12-18 13:52:23.266439614 +0100 -------------------------- Patching file tools/Makefile using Plan A... Hunk #1 succeeded at 21. Hunk #2 succeeded at 39. Hunk #3 succeeded at 262. done => Verifying /amd/pkgsrc/CHROOT/P/pkgsrc/sysutils/xentools411/patches/patch-tools_Rules.mk => Applying pkgsrc patch /amd/pkgsrc/CHROOT/P/pkgsrc/sysutils/xentools411/patches/patch-tools_Rules.mk Hmm... Looks like a unified diff to me... The text leading up to this was: -------------------------- |$NetBSD: patch-tools_Rules.mk,v 1.1 2018/07/24 13:40:11 bouyer Exp $ | |--- tools/Rules.mk.orig 2018-04-17 19:21:31.000000000 +0200 |+++ tools/Rules.mk 2018-04-23 16:10:52.000000000 +0200 -------------------------- Patching file tools/Rules.mk using Plan A... Hunk #1 succeeded at 101. Hunk #2 succeeded at 156. Hunk #3 succeeded at 176. Hunk #4 succeeded at 188. Hunk #5 succeeded at 269. done => Verifying /amd/pkgsrc/CHROOT/P/pkgsrc/sysutils/xentools411/patches/patch-tools_configure => Applying pkgsrc patch /amd/pkgsrc/CHROOT/P/pkgsrc/sysutils/xentools411/patches/patch-tools_configure Hmm... Looks like a unified diff to me... The text leading up to this was: -------------------------- |$NetBSD: patch-tools_configure,v 1.1 2018/07/24 13:40:11 bouyer Exp $ | |--- tools/configure.orig 2018-04-17 19:21:31.000000000 +0200 |+++ tools/configure 2018-04-23 16:12:57.000000000 +0200 -------------------------- Patching file tools/configure using Plan A... Hunk #1 succeeded at 2422. Hunk #2 succeeded at 3870. Hunk #3 succeeded at 4006. Hunk #4 succeeded at 10430. done => Verifying /amd/pkgsrc/CHROOT/P/pkgsrc/sysutils/xentools411/patches/patch-tools_console_daemon_utils.c => Applying pkgsrc patch /amd/pkgsrc/CHROOT/P/pkgsrc/sysutils/xentools411/patches/patch-tools_console_daemon_utils.c Hmm... Looks like a unified diff to me... The text leading up to this was: -------------------------- |$NetBSD: patch-tools_console_daemon_utils.c,v 1.1 2018/07/24 13:40:11 bouyer Exp $ | |--- tools/console/daemon/utils.c.orig 2015-06-22 13:41:35.000000000 +0000 |+++ tools/console/daemon/utils.c -------------------------- Patching file tools/console/daemon/utils.c using Plan A... Hunk #1 succeeded at 107 (offset -6 lines). done => Verifying /amd/pkgsrc/CHROOT/P/pkgsrc/sysutils/xentools411/patches/patch-tools_debugger_gdbsx_Makefile => Applying pkgsrc patch /amd/pkgsrc/CHROOT/P/pkgsrc/sysutils/xentools411/patches/patch-tools_debugger_gdbsx_Makefile Hmm... Looks like a unified diff to me... The text leading up to this was: -------------------------- |$NetBSD: patch-tools_debugger_gdbsx_Makefile,v 1.1 2018/07/24 13:40:11 bouyer Exp $ | |Add support for LDFLAGS when building gdbsx | |--- tools/debugger/gdbsx/Makefile.orig 2018-04-17 19:21:31.000000000 +0200 |+++ tools/debugger/gdbsx/Makefile 2018-04-23 16:06:44.000000000 +0200 -------------------------- Patching file tools/debugger/gdbsx/Makefile using Plan A... Hunk #1 succeeded at 26. done => Verifying /amd/pkgsrc/CHROOT/P/pkgsrc/sysutils/xentools411/patches/patch-tools_debugger_gdbsx_xg_xg_main.c => Applying pkgsrc patch /amd/pkgsrc/CHROOT/P/pkgsrc/sysutils/xentools411/patches/patch-tools_debugger_gdbsx_xg_xg_main.c Hmm... Looks like a unified diff to me... The text leading up to this was: -------------------------- |$NetBSD: patch-tools_debugger_gdbsx_xg_xg_main.c,v 1.1 2020/05/03 08:54:29 bouyer Exp $ | |--- tools/debugger/gdbsx/xg/xg_main.c.orig 2020-04-30 09:57:45.000000000 +0200 |+++ tools/debugger/gdbsx/xg/xg_main.c 2020-04-30 09:58:43.000000000 +0200 -------------------------- Patching file tools/debugger/gdbsx/xg/xg_main.c using Plan A... Hunk #1 succeeded at 126. done => Verifying /amd/pkgsrc/CHROOT/P/pkgsrc/sysutils/xentools411/patches/patch-tools_examples_Makefile => Applying pkgsrc patch /amd/pkgsrc/CHROOT/P/pkgsrc/sysutils/xentools411/patches/patch-tools_examples_Makefile Hmm... Looks like a unified diff to me... The text leading up to this was: -------------------------- |$NetBSD: patch-tools_examples_Makefile,v 1.1 2018/07/24 13:40:11 bouyer Exp $ | |--- tools/examples/Makefile.orig 2015-01-12 17:53:24.000000000 +0100 |+++ tools/examples/Makefile 2015-01-19 13:37:18.000000000 +0100 -------------------------- Patching file tools/examples/Makefile using Plan A... Hunk #1 succeeded at 1. done => Verifying /amd/pkgsrc/CHROOT/P/pkgsrc/sysutils/xentools411/patches/patch-tools_firmware_etherboot_Makefile => Applying pkgsrc patch /amd/pkgsrc/CHROOT/P/pkgsrc/sysutils/xentools411/patches/patch-tools_firmware_etherboot_Makefile Hmm... Looks like a unified diff to me... The text leading up to this was: -------------------------- |$NetBSD: patch-tools_firmware_etherboot_Makefile,v 1.1 2018/07/24 13:40:11 bouyer Exp $ | |--- tools/firmware/etherboot/Makefile.orig 2018-04-17 19:21:31.000000000 +0200 |+++ tools/firmware/etherboot/Makefile 2018-04-23 17:55:13.000000000 +0200 -------------------------- Patching file tools/firmware/etherboot/Makefile using Plan A... Hunk #1 succeeded at 27. done => Verifying /amd/pkgsrc/CHROOT/P/pkgsrc/sysutils/xentools411/patches/patch-tools_firmware_hvmloader_Makefile => Applying pkgsrc patch /amd/pkgsrc/CHROOT/P/pkgsrc/sysutils/xentools411/patches/patch-tools_firmware_hvmloader_Makefile Hmm... Looks like a unified diff to me... The text leading up to this was: -------------------------- |$NetBSD: patch-tools_firmware_hvmloader_Makefile,v 1.1 2018/07/24 13:40:11 bouyer Exp $ | |--- tools/firmware/hvmloader/Makefile.orig 2016-12-05 13:03:27.000000000 +0100 |+++ tools/firmware/hvmloader/Makefile 2017-03-24 18:14:34.000000000 +0100 -------------------------- Patching file tools/firmware/hvmloader/Makefile using Plan A... Hunk #1 succeeded at 26. done => Verifying /amd/pkgsrc/CHROOT/P/pkgsrc/sysutils/xentools411/patches/patch-tools_hotplug_NetBSD_Makefile => Applying pkgsrc patch /amd/pkgsrc/CHROOT/P/pkgsrc/sysutils/xentools411/patches/patch-tools_hotplug_NetBSD_Makefile Hmm... Looks like a unified diff to me... The text leading up to this was: -------------------------- |$NetBSD: patch-tools_hotplug_NetBSD_Makefile,v 1.1 2018/07/24 13:40:11 bouyer Exp $ | |--- tools/hotplug/NetBSD/Makefile.orig 2018-04-17 19:21:31.000000000 +0200 |+++ tools/hotplug/NetBSD/Makefile 2018-04-23 16:05:01.000000000 +0200 -------------------------- Patching file tools/hotplug/NetBSD/Makefile using Plan A... Hunk #1 succeeded at 3. Hunk #2 succeeded at 25. Hunk #3 succeeded at 43. done => Verifying /amd/pkgsrc/CHROOT/P/pkgsrc/sysutils/xentools411/patches/patch-tools_hotplug_NetBSD_block => Applying pkgsrc patch /amd/pkgsrc/CHROOT/P/pkgsrc/sysutils/xentools411/patches/patch-tools_hotplug_NetBSD_block Hmm... Looks like a unified diff to me... The text leading up to this was: -------------------------- |$NetBSD: patch-tools_hotplug_NetBSD_block,v 1.1 2018/07/24 13:40:11 bouyer Exp $ | |--- tools/hotplug/NetBSD/block.orig 2016-02-09 14:44:19.000000000 +0000 |+++ tools/hotplug/NetBSD/block -------------------------- Patching file tools/hotplug/NetBSD/block using Plan A... Hunk #1 succeeded at 6. Hunk #2 succeeded at 63. Hunk #3 succeeded at 79. Hunk #4 succeeded at 89. done => Verifying /amd/pkgsrc/CHROOT/P/pkgsrc/sysutils/xentools411/patches/patch-tools_hotplug_NetBSD_vif-bridge => Applying pkgsrc patch /amd/pkgsrc/CHROOT/P/pkgsrc/sysutils/xentools411/patches/patch-tools_hotplug_NetBSD_vif-bridge Hmm... Looks like a unified diff to me... The text leading up to this was: -------------------------- |$NetBSD: patch-tools_hotplug_NetBSD_vif-bridge,v 1.1 2018/07/24 13:40:11 bouyer Exp $ | |--- tools/hotplug/NetBSD/vif-bridge.orig 2015-01-12 17:53:24.000000000 +0100 |+++ tools/hotplug/NetBSD/vif-bridge 2015-01-19 13:16:37.000000000 +0100 -------------------------- Patching file tools/hotplug/NetBSD/vif-bridge using Plan A... Hunk #1 succeeded at 23. done => Verifying /amd/pkgsrc/CHROOT/P/pkgsrc/sysutils/xentools411/patches/patch-tools_hotplug_NetBSD_vif-ip => Applying pkgsrc patch /amd/pkgsrc/CHROOT/P/pkgsrc/sysutils/xentools411/patches/patch-tools_hotplug_NetBSD_vif-ip Hmm... Looks like a unified diff to me... The text leading up to this was: -------------------------- |$NetBSD: patch-tools_hotplug_NetBSD_vif-ip,v 1.2 2020/06/18 13:48:28 plunky Exp $ | |--- tools/hotplug/NetBSD/vif-ip.orig 2019-11-29 09:15:18.000000000 +0000 |+++ tools/hotplug/NetBSD/vif-ip -------------------------- Patching file tools/hotplug/NetBSD/vif-ip using Plan A... Hunk #1 succeeded at 23. done => Verifying /amd/pkgsrc/CHROOT/P/pkgsrc/sysutils/xentools411/patches/patch-tools_hotplug_common_Makefile => Applying pkgsrc patch /amd/pkgsrc/CHROOT/P/pkgsrc/sysutils/xentools411/patches/patch-tools_hotplug_common_Makefile Hmm... Looks like a unified diff to me... The text leading up to this was: -------------------------- |$NetBSD: patch-tools_hotplug_common_Makefile,v 1.1 2018/07/24 13:40:11 bouyer Exp $ | |--- tools/hotplug/common/Makefile.orig 2018-04-17 19:21:31.000000000 +0200 |+++ tools/hotplug/common/Makefile 2018-04-23 16:03:55.000000000 +0200 -------------------------- Patching file tools/hotplug/common/Makefile using Plan A... Hunk #1 succeeded at 26. done => Verifying /amd/pkgsrc/CHROOT/P/pkgsrc/sysutils/xentools411/patches/patch-tools_include_xen-sys_NetBSD_gntdev.h => Applying pkgsrc patch /amd/pkgsrc/CHROOT/P/pkgsrc/sysutils/xentools411/patches/patch-tools_include_xen-sys_NetBSD_gntdev.h Hmm... Looks like a unified diff to me... The text leading up to this was: -------------------------- |$NetBSD: patch-tools_include_xen-sys_NetBSD_gntdev.h,v 1.1 2018/07/24 13:40:11 bouyer Exp $ | |--- tools/include/xen-sys/NetBSD/gntdev.h.orig 2015-01-19 13:16:37.000000000 +0100 |+++ tools/include/xen-sys/NetBSD/gntdev.h 2015-01-19 13:16:37.000000000 +0100 -------------------------- (Creating file tools/include/xen-sys/NetBSD/gntdev.h...) Patching file tools/include/xen-sys/NetBSD/gntdev.h using Plan A... Empty context always matches. Hunk #1 succeeded at 1. done => Verifying /amd/pkgsrc/CHROOT/P/pkgsrc/sysutils/xentools411/patches/patch-tools_libs_call_netbsd.c => Applying pkgsrc patch /amd/pkgsrc/CHROOT/P/pkgsrc/sysutils/xentools411/patches/patch-tools_libs_call_netbsd.c Hmm... Looks like a unified diff to me... The text leading up to this was: -------------------------- |$NetBSD: patch-tools_libs_call_netbsd.c,v 1.1 2018/07/24 13:40:11 bouyer Exp $ | |--- tools/libs/call/netbsd.c.orig 2017-03-24 18:29:45.000000000 +0100 |+++ tools/libs/call/netbsd.c 2017-03-24 18:34:05.000000000 +0100 -------------------------- Patching file tools/libs/call/netbsd.c using Plan A... Hunk #1 succeeded at 19. Hunk #2 succeeded at 71. Hunk #3 succeeded at 89. done => Verifying /amd/pkgsrc/CHROOT/P/pkgsrc/sysutils/xentools411/patches/patch-tools_libs_call_private.h => Applying pkgsrc patch /amd/pkgsrc/CHROOT/P/pkgsrc/sysutils/xentools411/patches/patch-tools_libs_call_private.h Hmm... Looks like a unified diff to me... The text leading up to this was: -------------------------- |$NetBSD: patch-tools_libs_call_private.h,v 1.1 2018/07/24 13:40:11 bouyer Exp $ | |--- tools/libs/call/private.h.orig 2017-03-28 10:42:37.000000000 +0200 |+++ tools/libs/call/private.h 2017-03-28 10:43:04.000000000 +0200 -------------------------- Patching file tools/libs/call/private.h using Plan A... Hunk #1 succeeded at 12 (offset 1 line). done => Verifying /amd/pkgsrc/CHROOT/P/pkgsrc/sysutils/xentools411/patches/patch-tools_libs_evtchn_netbsd.c => Applying pkgsrc patch /amd/pkgsrc/CHROOT/P/pkgsrc/sysutils/xentools411/patches/patch-tools_libs_evtchn_netbsd.c Hmm... Looks like a unified diff to me... The text leading up to this was: -------------------------- |$NetBSD: patch-tools_libs_evtchn_netbsd.c,v 1.1 2018/07/24 13:40:11 bouyer Exp $ | |--- tools/libs/evtchn/netbsd.c.orig 2017-03-24 18:23:27.000000000 +0100 |+++ tools/libs/evtchn/netbsd.c 2017-03-24 18:23:40.000000000 +0100 -------------------------- Patching file tools/libs/evtchn/netbsd.c using Plan A... Hunk #1 succeeded at 131 (offset 7 lines). Hunk #2 succeeded at 140 (offset 7 lines). done => Verifying /amd/pkgsrc/CHROOT/P/pkgsrc/sysutils/xentools411/patches/patch-tools_libs_foreignmemory_compat.c => Applying pkgsrc patch /amd/pkgsrc/CHROOT/P/pkgsrc/sysutils/xentools411/patches/patch-tools_libs_foreignmemory_compat.c Hmm... Looks like a unified diff to me... The text leading up to this was: -------------------------- |$NetBSD: patch-tools_libs_foreignmemory_compat.c,v 1.1 2018/07/24 13:40:11 bouyer Exp $ | |--- ./tools/libs/foreignmemory/compat.c.orig 2018-04-17 19:21:31.000000000 +0200 |+++ ./tools/libs/foreignmemory/compat.c 2018-04-23 17:05:48.000000000 +0200 -------------------------- Patching file ./tools/libs/foreignmemory/compat.c using Plan A... Hunk #1 succeeded at 19. done => Verifying /amd/pkgsrc/CHROOT/P/pkgsrc/sysutils/xentools411/patches/patch-tools_libs_foreignmemory_netbsd.c => Applying pkgsrc patch /amd/pkgsrc/CHROOT/P/pkgsrc/sysutils/xentools411/patches/patch-tools_libs_foreignmemory_netbsd.c Hmm... Looks like a unified diff to me... The text leading up to this was: -------------------------- |$NetBSD: patch-tools_libs_foreignmemory_netbsd.c,v 1.1 2018/07/24 13:40:11 bouyer Exp $ | |--- tools/libs/foreignmemory/netbsd.c.orig 2018-04-17 19:21:31.000000000 +0200 |+++ tools/libs/foreignmemory/netbsd.c 2018-04-23 15:31:28.000000000 +0200 -------------------------- Patching file tools/libs/foreignmemory/netbsd.c using Plan A... Hunk #1 succeeded at 19. Hunk #2 succeeded at 68. Hunk #3 succeeded at 88. Hunk #4 succeeded at 99. done => Verifying /amd/pkgsrc/CHROOT/P/pkgsrc/sysutils/xentools411/patches/patch-tools_libs_foreignmemory_private.h => Applying pkgsrc patch /amd/pkgsrc/CHROOT/P/pkgsrc/sysutils/xentools411/patches/patch-tools_libs_foreignmemory_private.h Hmm... Looks like a unified diff to me... The text leading up to this was: -------------------------- |$NetBSD: patch-tools_libs_foreignmemory_private.h,v 1.1 2018/07/24 13:40:11 bouyer Exp $ | |--- tools/libs/foreignmemory/private.h.orig 2018-04-17 19:21:31.000000000 +0200 |+++ tools/libs/foreignmemory/private.h 2018-04-23 17:09:20.000000000 +0200 -------------------------- Patching file tools/libs/foreignmemory/private.h using Plan A... Hunk #1 succeeded at 37. done => Verifying /amd/pkgsrc/CHROOT/P/pkgsrc/sysutils/xentools411/patches/patch-tools_libxl_libxl__create.c => Applying pkgsrc patch /amd/pkgsrc/CHROOT/P/pkgsrc/sysutils/xentools411/patches/patch-tools_libxl_libxl__create.c Hmm... Looks like a unified diff to me... The text leading up to this was: -------------------------- |$NetBSD: patch-tools_libxl_libxl__create.c,v 1.1 2018/07/24 13:40:11 bouyer Exp $ | |--- tools/libxl/libxl_create.c.orig 2018-04-17 19:21:31.000000000 +0200 |+++ tools/libxl/libxl_create.c 2018-04-23 15:59:53.000000000 +0200 -------------------------- Patching file tools/libxl/libxl_create.c using Plan A... Hunk #1 succeeded at 460. Hunk #2 succeeded at 499. Hunk #3 succeeded at 1198 (offset 1 line). Hunk #4 succeeded at 1208 (offset 1 line). done => Verifying /amd/pkgsrc/CHROOT/P/pkgsrc/sysutils/xentools411/patches/patch-tools_libxl_libxl_dom.c => Applying pkgsrc patch /amd/pkgsrc/CHROOT/P/pkgsrc/sysutils/xentools411/patches/patch-tools_libxl_libxl_dom.c Hmm... Looks like a unified diff to me... The text leading up to this was: -------------------------- |$NetBSD: patch-tools_libxl_libxl_dom.c,v 1.1 2018/07/24 13:40:11 bouyer Exp $ | |--- tools/libxl/libxl_dom.c.orig |+++ tools/libxl/libxl_dom.c -------------------------- Patching file tools/libxl/libxl_dom.c using Plan A... Hunk #1 succeeded at 1362 (offset 1 line). done => Verifying /amd/pkgsrc/CHROOT/P/pkgsrc/sysutils/xentools411/patches/patch-tools_libxl_libxl_event.c => Applying pkgsrc patch /amd/pkgsrc/CHROOT/P/pkgsrc/sysutils/xentools411/patches/patch-tools_libxl_libxl_event.c Hmm... Looks like a unified diff to me... The text leading up to this was: -------------------------- |$NetBSD: patch-tools_libxl_libxl_event.c,v 1.1 2018/07/24 13:40:11 bouyer Exp $ | |The SIGCHLD handler just writes to a pipe where the reader is the |same process. The idea is that this will cause poll(2) in the main |thread to exit with the reaper pipe readable, and do child cleanup here. | |Unfortunably, is the child also has a write pipe back to the |parent (as e.g. with pygrub), the loop in afterpoll_internal() may see the |POLLHUP event on this pipe before the POLLIN even on the reaper pipe, and |this will be considered as an error (from e.g. pygrub). | |work around by filtering POLLHUP events here | |--- tools/libxl/libxl_event.c.orig 2016-12-20 16:01:30.000000000 +0100 |+++ tools/libxl/libxl_event.c 2016-12-20 17:28:52.000000000 +0100 -------------------------- Patching file tools/libxl/libxl_event.c using Plan A... Hunk #1 succeeded at 1255 (offset -6 lines). done => Verifying /amd/pkgsrc/CHROOT/P/pkgsrc/sysutils/xentools411/patches/patch-tools_libxl_libxl_internal.h => Applying pkgsrc patch /amd/pkgsrc/CHROOT/P/pkgsrc/sysutils/xentools411/patches/patch-tools_libxl_libxl_internal.h Hmm... Looks like a unified diff to me... The text leading up to this was: -------------------------- |$NetBSD: patch-tools_libxl_libxl_internal.h,v 1.1 2018/07/24 13:40:11 bouyer Exp $ | |bump some timeouts to more reasonable values. 40s is not enough |if there is lots of them (e.g lots of network interfaces) and they |need to be serialized. | |--- tools/libxl/libxl_internal.h.orig 2016-12-05 13:03:27.000000000 +0100 |+++ tools/libxl/libxl_internal.h 2017-03-24 18:07:05.000000000 +0100 -------------------------- Patching file tools/libxl/libxl_internal.h using Plan A... Hunk #1 succeeded at 90 (offset 2 lines). done => Verifying /amd/pkgsrc/CHROOT/P/pkgsrc/sysutils/xentools411/patches/patch-tools_libxl_libxl_uuid.c => Applying pkgsrc patch /amd/pkgsrc/CHROOT/P/pkgsrc/sysutils/xentools411/patches/patch-tools_libxl_libxl_uuid.c Hmm... Looks like a unified diff to me... The text leading up to this was: -------------------------- |$NetBSD: patch-tools_libxl_libxl_uuid.c,v 1.1 2018/07/24 13:40:11 bouyer Exp $ | |--- tools/libxl/libxl_uuid.c.orig 2016-12-05 13:03:27.000000000 +0100 |+++ tools/libxl/libxl_uuid.c 2017-03-24 18:15:58.000000000 +0100 -------------------------- Patching file tools/libxl/libxl_uuid.c using Plan A... Hunk #1 succeeded at 82. Hunk #2 succeeded at 120. done => Verifying /amd/pkgsrc/CHROOT/P/pkgsrc/sysutils/xentools411/patches/patch-tools_ocaml_Makefile.rules => Applying pkgsrc patch /amd/pkgsrc/CHROOT/P/pkgsrc/sysutils/xentools411/patches/patch-tools_ocaml_Makefile.rules Hmm... Looks like a unified diff to me... The text leading up to this was: -------------------------- |$NetBSD: patch-tools_ocaml_Makefile.rules,v 1.1 2021/02/04 11:45:53 bouyer Exp $ | |--- tools/ocaml/Makefile.rules.orig 2021-01-08 22:48:10.638776688 +0100 |+++ tools/ocaml/Makefile.rules 2021-01-08 22:49:05.627085243 +0100 -------------------------- Patching file tools/ocaml/Makefile.rules using Plan A... Hunk #1 succeeded at 34. done => Verifying /amd/pkgsrc/CHROOT/P/pkgsrc/sysutils/xentools411/patches/patch-tools_ocaml_common.make => Applying pkgsrc patch /amd/pkgsrc/CHROOT/P/pkgsrc/sysutils/xentools411/patches/patch-tools_ocaml_common.make Hmm... Looks like a unified diff to me... The text leading up to this was: -------------------------- |--- tools/ocaml/common.make.orig 2020-04-17 13:58:20.000000000 +0200 |+++ tools/ocaml/common.make 2021-02-04 11:25:02.393221932 +0100 -------------------------- Patching file tools/ocaml/common.make using Plan A... Hunk #1 succeeded at 3. Hunk #2 succeeded at 17. done => Verifying /amd/pkgsrc/CHROOT/P/pkgsrc/sysutils/xentools411/patches/patch-tools_ocaml_libs_xentoollog_xentoollog__stubs.c => Applying pkgsrc patch /amd/pkgsrc/CHROOT/P/pkgsrc/sysutils/xentools411/patches/patch-tools_ocaml_libs_xentoollog_xentoollog__stubs.c Hmm... Looks like a unified diff to me... The text leading up to this was: -------------------------- |$NetBSD: patch-tools_ocaml_libs_xentoollog_xentoollog__stubs.c,v 1.1 2020/01/18 21:58:44 prlw1 Exp $ | |Fix build with newer ocaml |c.f. https://github.com/ocaml/ocaml/pull/2293 | |--- tools/ocaml/libs/xentoollog/xentoollog_stubs.c.orig 2019-11-29 09:15:18.000000000 +0000 |+++ tools/ocaml/libs/xentoollog/xentoollog_stubs.c -------------------------- Patching file tools/ocaml/libs/xentoollog/xentoollog_stubs.c using Plan A... Hunk #1 succeeded at 90. Hunk #2 succeeded at 120. done => Verifying /amd/pkgsrc/CHROOT/P/pkgsrc/sysutils/xentools411/patches/patch-tools_ocaml_libs_xl__xenlight_stubs.c => Applying pkgsrc patch /amd/pkgsrc/CHROOT/P/pkgsrc/sysutils/xentools411/patches/patch-tools_ocaml_libs_xl__xenlight_stubs.c Hmm... Looks like a unified diff to me... The text leading up to this was: -------------------------- |$NetBSD: patch-tools_ocaml_libs_xl__xenlight_stubs.c,v 1.1 2020/01/18 21:58:44 prlw1 Exp $ | |Fix build with newer ocaml |c.f. https://github.com/ocaml/ocaml/pull/2293 | |--- tools/ocaml/libs/xl/xenlight_stubs.c.orig 2019-11-29 09:15:18.000000000 +0000 |+++ tools/ocaml/libs/xl/xenlight_stubs.c -------------------------- Patching file tools/ocaml/libs/xl/xenlight_stubs.c using Plan A... Hunk #1 succeeded at 75. Hunk #2 succeeded at 424. Hunk #3 succeeded at 1118. Hunk #4 succeeded at 1259. Hunk #5 succeeded at 1302. Hunk #6 succeeded at 1341. Hunk #7 succeeded at 1383. Hunk #8 succeeded at 1435. Hunk #9 succeeded at 1551. Hunk #10 succeeded at 1574. done => Verifying /amd/pkgsrc/CHROOT/P/pkgsrc/sysutils/xentools411/patches/patch-tools_ocaml_xenstored_Makefile => Applying pkgsrc patch /amd/pkgsrc/CHROOT/P/pkgsrc/sysutils/xentools411/patches/patch-tools_ocaml_xenstored_Makefile Hmm... Looks like a unified diff to me... The text leading up to this was: -------------------------- |$NetBSD: patch-tools_ocaml_xenstored_Makefile,v 1.1 2018/07/24 13:40:11 bouyer Exp $ | |--- tools/ocaml/xenstored/Makefile.orig 2016-02-09 14:44:19.000000000 +0000 |+++ tools/ocaml/xenstored/Makefile -------------------------- Patching file tools/ocaml/xenstored/Makefile using Plan A... Hunk #1 succeeded at 1. done => Verifying /amd/pkgsrc/CHROOT/P/pkgsrc/sysutils/xentools411/patches/patch-tools_ocaml_xenstored_utils.ml => Applying pkgsrc patch /amd/pkgsrc/CHROOT/P/pkgsrc/sysutils/xentools411/patches/patch-tools_ocaml_xenstored_utils.ml Hmm... Looks like a unified diff to me... The text leading up to this was: -------------------------- |$NetBSD: patch-tools_ocaml_xenstored_utils.ml,v 1.2 2020/12/17 16:48:12 bouyer Exp $ | |--- tools/ocaml/xenstored/utils.ml.orig 2020-12-17 15:47:15.866790468 +0100 |+++ tools/ocaml/xenstored/utils.ml 2020-12-17 15:53:47.618682147 +0100 -------------------------- Patching file tools/ocaml/xenstored/utils.ml using Plan A... Hunk #1 succeeded at 86. done => Verifying /amd/pkgsrc/CHROOT/P/pkgsrc/sysutils/xentools411/patches/patch-tools_qemu-xen-traditional_Makefile => Applying pkgsrc patch /amd/pkgsrc/CHROOT/P/pkgsrc/sysutils/xentools411/patches/patch-tools_qemu-xen-traditional_Makefile Hmm... Looks like a unified diff to me... The text leading up to this was: -------------------------- |$NetBSD: patch-tools_qemu-xen-traditional_Makefile,v 1.1 2018/07/24 13:40:11 bouyer Exp $ | |--- tools/qemu-xen-traditional/Makefile.orig 2014-10-06 17:50:24.000000000 +0200 |+++ tools/qemu-xen-traditional/Makefile 2015-01-19 14:16:12.000000000 +0100 -------------------------- Patching file tools/qemu-xen-traditional/Makefile using Plan A... Hunk #1 succeeded at 1. Hunk #2 succeeded at 231. Hunk #3 succeeded at 275. Hunk #4 succeeded at 284. done => Verifying /amd/pkgsrc/CHROOT/P/pkgsrc/sysutils/xentools411/patches/patch-tools_qemu-xen-traditional_block-raw-posix.c => Applying pkgsrc patch /amd/pkgsrc/CHROOT/P/pkgsrc/sysutils/xentools411/patches/patch-tools_qemu-xen-traditional_block-raw-posix.c Hmm... Looks like a unified diff to me... The text leading up to this was: -------------------------- |$NetBSD: patch-tools_qemu-xen-traditional_block-raw-posix.c,v 1.1 2018/07/24 13:40:11 bouyer Exp $ | |- if given a block device, use the character device instead. | |--- tools/qemu-xen-traditional/block-raw-posix.c.orig 2014-10-06 17:50:24.000000000 +0200 |+++ tools/qemu-xen-traditional/block-raw-posix.c 2015-01-19 13:16:38.000000000 +0100 -------------------------- Patching file tools/qemu-xen-traditional/block-raw-posix.c using Plan A... Hunk #1 succeeded at 65. Hunk #2 succeeded at 73. Hunk #3 succeeded at 1017 (offset 1 line). done => Verifying /amd/pkgsrc/CHROOT/P/pkgsrc/sysutils/xentools411/patches/patch-tools_qemu-xen-traditional_configure => Applying pkgsrc patch /amd/pkgsrc/CHROOT/P/pkgsrc/sysutils/xentools411/patches/patch-tools_qemu-xen-traditional_configure Hmm... Looks like a unified diff to me... The text leading up to this was: -------------------------- |$NetBSD: patch-tools_qemu-xen-traditional_configure,v 1.1 2018/07/24 13:40:11 bouyer Exp $ | |--- tools/qemu-xen-traditional/configure.orig 2014-10-06 17:50:24.000000000 +0200 |+++ tools/qemu-xen-traditional/configure 2015-01-20 22:58:07.000000000 +0100 -------------------------- Patching file tools/qemu-xen-traditional/configure using Plan A... Hunk #1 succeeded at 1089. Hunk #2 succeeded at 1124. Hunk #3 succeeded at 1216. Hunk #4 succeeded at 1495. done => Verifying /amd/pkgsrc/CHROOT/P/pkgsrc/sysutils/xentools411/patches/patch-tools_qemu-xen-traditional_hw_e1000.c => Applying pkgsrc patch /amd/pkgsrc/CHROOT/P/pkgsrc/sysutils/xentools411/patches/patch-tools_qemu-xen-traditional_hw_e1000.c Hmm... Looks like a unified diff to me... The text leading up to this was: -------------------------- |$NetBSD: patch-tools_qemu-xen-traditional_hw_e1000.c,v 1.1 2018/07/24 13:40:11 bouyer Exp $ | |From sysutils/xentools33/patches/patch-ak. | |qemu-0.13.x will include this fix: |http://git.qemu.org/qemu.git/commit/?id=9651ac55e5de0e1534d898316cc851af6ffc4334 | |--- tools/qemu-xen-traditional/hw/e1000.c.orig 2014-10-06 17:50:24.000000000 +0200 |+++ tools/qemu-xen-traditional/hw/e1000.c 2015-01-19 13:16:38.000000000 +0100 -------------------------- Patching file tools/qemu-xen-traditional/hw/e1000.c using Plan A... Hunk #1 succeeded at 265. done => Verifying /amd/pkgsrc/CHROOT/P/pkgsrc/sysutils/xentools411/patches/patch-tools_qemu-xen-traditional_hw_ide.c => Applying pkgsrc patch /amd/pkgsrc/CHROOT/P/pkgsrc/sysutils/xentools411/patches/patch-tools_qemu-xen-traditional_hw_ide.c Hmm... Looks like a unified diff to me... The text leading up to this was: -------------------------- |$NetBSD: patch-tools_qemu-xen-traditional_hw_ide.c,v 1.1 2018/07/24 13:40:11 bouyer Exp $ | |--- tools/qemu-xen-traditional/hw/ide.c.orig 2014-01-09 13:44:42.000000000 +0100 |+++ tools/qemu-xen-traditional/hw/ide.c 2015-06-11 16:15:49.000000000 +0200 -------------------------- Patching file tools/qemu-xen-traditional/hw/ide.c using Plan A... Hunk #1 succeeded at 757. Hunk #2 succeeded at 817. done => Verifying /amd/pkgsrc/CHROOT/P/pkgsrc/sysutils/xentools411/patches/patch-tools_qemu-xen-traditional_hw_pass-through.c => Applying pkgsrc patch /amd/pkgsrc/CHROOT/P/pkgsrc/sysutils/xentools411/patches/patch-tools_qemu-xen-traditional_hw_pass-through.c Hmm... Looks like a unified diff to me... The text leading up to this was: -------------------------- |$NetBSD: patch-tools_qemu-xen-traditional_hw_pass-through.c,v 1.1 2018/07/24 13:40:11 bouyer Exp $ | |--- tools/qemu-xen-traditional/hw/pass-through.c.orig 2014-10-06 17:50:24.000000000 +0200 |+++ tools/qemu-xen-traditional/hw/pass-through.c 2015-01-19 13:16:38.000000000 +0100 -------------------------- Patching file tools/qemu-xen-traditional/hw/pass-through.c using Plan A... Hunk #1 succeeded at 84. done => Verifying /amd/pkgsrc/CHROOT/P/pkgsrc/sysutils/xentools411/patches/patch-tools_qemu-xen-traditional_hw_pass-through.h => Applying pkgsrc patch /amd/pkgsrc/CHROOT/P/pkgsrc/sysutils/xentools411/patches/patch-tools_qemu-xen-traditional_hw_pass-through.h Hmm... Looks like a unified diff to me... The text leading up to this was: -------------------------- |$NetBSD: patch-tools_qemu-xen-traditional_hw_pass-through.h,v 1.1 2018/07/24 13:40:11 bouyer Exp $ | |--- tools/qemu-xen-traditional/hw/pass-through.h.orig 2014-10-06 17:50:24.000000000 +0200 |+++ tools/qemu-xen-traditional/hw/pass-through.h 2015-01-19 13:16:38.000000000 +0100 -------------------------- Patching file tools/qemu-xen-traditional/hw/pass-through.h using Plan A... Hunk #1 succeeded at 20. done => Verifying /amd/pkgsrc/CHROOT/P/pkgsrc/sysutils/xentools411/patches/patch-tools_qemu-xen-traditional_hw_piix4acpi.c => Applying pkgsrc patch /amd/pkgsrc/CHROOT/P/pkgsrc/sysutils/xentools411/patches/patch-tools_qemu-xen-traditional_hw_piix4acpi.c Hmm... Looks like a unified diff to me... The text leading up to this was: -------------------------- |$NetBSD: patch-tools_qemu-xen-traditional_hw_piix4acpi.c,v 1.1 2018/07/24 13:40:11 bouyer Exp $ | |--- tools/qemu-xen-traditional/hw/piix4acpi.c.orig 2014-10-06 17:50:24.000000000 +0200 |+++ tools/qemu-xen-traditional/hw/piix4acpi.c 2015-01-19 13:16:38.000000000 +0100 -------------------------- Patching file tools/qemu-xen-traditional/hw/piix4acpi.c using Plan A... Hunk #1 succeeded at 41. done => Verifying /amd/pkgsrc/CHROOT/P/pkgsrc/sysutils/xentools411/patches/patch-tools_qemu-xen-traditional_hw_pt-graphics.c => Applying pkgsrc patch /amd/pkgsrc/CHROOT/P/pkgsrc/sysutils/xentools411/patches/patch-tools_qemu-xen-traditional_hw_pt-graphics.c Hmm... Looks like a unified diff to me... The text leading up to this was: -------------------------- |$NetBSD: patch-tools_qemu-xen-traditional_hw_pt-graphics.c,v 1.1 2018/07/24 13:40:11 bouyer Exp $ | |--- tools/qemu-xen-traditional/hw/pt-graphics.c.orig 2015-01-19 16:14:46.000000000 +0100 |+++ tools/qemu-xen-traditional/hw/pt-graphics.c 2015-01-19 16:14:51.000000000 +0100 -------------------------- Patching file tools/qemu-xen-traditional/hw/pt-graphics.c using Plan A... Hunk #1 succeeded at 4. done => Verifying /amd/pkgsrc/CHROOT/P/pkgsrc/sysutils/xentools411/patches/patch-tools_qemu-xen-traditional_hw_pt-msi.c => Applying pkgsrc patch /amd/pkgsrc/CHROOT/P/pkgsrc/sysutils/xentools411/patches/patch-tools_qemu-xen-traditional_hw_pt-msi.c Hmm... Looks like a unified diff to me... The text leading up to this was: -------------------------- |$NetBSD: patch-tools_qemu-xen-traditional_hw_pt-msi.c,v 1.1 2018/07/24 13:40:11 bouyer Exp $ | |--- tools/qemu-xen-traditional/hw/pt-msi.c.orig 2014-10-06 17:50:24.000000000 +0200 |+++ tools/qemu-xen-traditional/hw/pt-msi.c 2015-01-19 13:16:38.000000000 +0100 -------------------------- Patching file tools/qemu-xen-traditional/hw/pt-msi.c using Plan A... Hunk #1 succeeded at 22. done => Verifying /amd/pkgsrc/CHROOT/P/pkgsrc/sysutils/xentools411/patches/patch-tools_qemu-xen-traditional_hw_pt-msi.h => Applying pkgsrc patch /amd/pkgsrc/CHROOT/P/pkgsrc/sysutils/xentools411/patches/patch-tools_qemu-xen-traditional_hw_pt-msi.h Hmm... Looks like a unified diff to me... The text leading up to this was: -------------------------- |$NetBSD: patch-tools_qemu-xen-traditional_hw_pt-msi.h,v 1.1 2018/07/24 13:40:11 bouyer Exp $ | |--- tools/qemu-xen-traditional/hw/pt-msi.h.orig 2014-10-06 17:50:24.000000000 +0200 |+++ tools/qemu-xen-traditional/hw/pt-msi.h 2015-01-19 13:16:38.000000000 +0100 -------------------------- Patching file tools/qemu-xen-traditional/hw/pt-msi.h using Plan A... Hunk #1 succeeded at 1. done => Verifying /amd/pkgsrc/CHROOT/P/pkgsrc/sysutils/xentools411/patches/patch-tools_qemu-xen-traditional_i386-dm_hookstarget.mak => Applying pkgsrc patch /amd/pkgsrc/CHROOT/P/pkgsrc/sysutils/xentools411/patches/patch-tools_qemu-xen-traditional_i386-dm_hookstarget.mak Hmm... Looks like a unified diff to me... The text leading up to this was: -------------------------- |$NetBSD: patch-tools_qemu-xen-traditional_i386-dm_hookstarget.mak,v 1.1 2018/07/24 13:40:11 bouyer Exp $ | |--- tools/qemu-xen-traditional/i386-dm/hookstarget.mak.orig 2014-10-06 17:50:24.000000000 +0200 |+++ tools/qemu-xen-traditional/i386-dm/hookstarget.mak 2015-01-19 13:16:38.000000000 +0100 -------------------------- Patching file tools/qemu-xen-traditional/i386-dm/hookstarget.mak using Plan A... Hunk #1 succeeded at 2. done => Verifying /amd/pkgsrc/CHROOT/P/pkgsrc/sysutils/xentools411/patches/patch-tools_qemu-xen-traditional_net.c => Applying pkgsrc patch /amd/pkgsrc/CHROOT/P/pkgsrc/sysutils/xentools411/patches/patch-tools_qemu-xen-traditional_net.c Hmm... Looks like a unified diff to me... The text leading up to this was: -------------------------- |$NetBSD: patch-tools_qemu-xen-traditional_net.c,v 1.1 2018/07/24 13:40:11 bouyer Exp $ |--- tools/qemu-xen-traditional/net.c.orig 2016-11-29 17:36:38.000000000 +0100 |+++ tools/qemu-xen-traditional/net.c 2017-03-29 18:16:54.000000000 +0200 -------------------------- Patching file tools/qemu-xen-traditional/net.c using Plan A... Hunk #1 succeeded at 990. Hunk #2 succeeded at 1029. Hunk #3 succeeded at 1050. Hunk #4 succeeded at 1969. done => Verifying /amd/pkgsrc/CHROOT/P/pkgsrc/sysutils/xentools411/patches/patch-tools_qemu-xen-traditional_xen-hooks.mak => Applying pkgsrc patch /amd/pkgsrc/CHROOT/P/pkgsrc/sysutils/xentools411/patches/patch-tools_qemu-xen-traditional_xen-hooks.mak Hmm... Looks like a unified diff to me... The text leading up to this was: -------------------------- |$NetBSD: patch-tools_qemu-xen-traditional_xen-hooks.mak,v 1.1 2018/07/24 13:40:11 bouyer Exp $ | |enable PCI passthrough when pciutils is present | |--- tools/qemu-xen-traditional/xen-hooks.mak.orig 2017-09-15 20:37:27.000000000 +0200 |+++ tools/qemu-xen-traditional/xen-hooks.mak 2018-04-23 16:01:41.000000000 +0200 -------------------------- Patching file tools/qemu-xen-traditional/xen-hooks.mak using Plan A... Hunk #1 succeeded at 26. Hunk #2 succeeded at 71. done => Verifying /amd/pkgsrc/CHROOT/P/pkgsrc/sysutils/xentools411/patches/patch-tools_qemu-xen_audio_audio.c => Applying pkgsrc patch /amd/pkgsrc/CHROOT/P/pkgsrc/sysutils/xentools411/patches/patch-tools_qemu-xen_audio_audio.c Hmm... Looks like a unified diff to me... The text leading up to this was: -------------------------- |$NetBSD: patch-tools_qemu-xen_audio_audio.c,v 1.1 2018/07/24 13:40:11 bouyer Exp $ | |--- tools/qemu-xen/audio/audio.c.orig 2016-11-24 13:24:26.000000000 +0100 |+++ tools/qemu-xen/audio/audio.c 2017-03-24 18:11:17.000000000 +0100 -------------------------- Patching file tools/qemu-xen/audio/audio.c using Plan A... Hunk #1 succeeded at 1157 (offset 1 line). done => Verifying /amd/pkgsrc/CHROOT/P/pkgsrc/sysutils/xentools411/patches/patch-tools_qemu-xen_configure => Applying pkgsrc patch /amd/pkgsrc/CHROOT/P/pkgsrc/sysutils/xentools411/patches/patch-tools_qemu-xen_configure Hmm... Looks like a unified diff to me... The text leading up to this was: -------------------------- |$NetBSD: patch-tools_qemu-xen_configure,v 1.1 2018/07/24 13:40:11 bouyer Exp $ | |-lrt is needed for shm_open() | |--- tools/qemu-xen/configure.orig 2018-04-17 19:23:23.000000000 +0200 |+++ tools/qemu-xen/configure 2018-04-23 16:07:48.000000000 +0200 -------------------------- Patching file tools/qemu-xen/configure using Plan A... Hunk #1 succeeded at 728 (offset 2 lines). done => Verifying /amd/pkgsrc/CHROOT/P/pkgsrc/sysutils/xentools411/patches/patch-tools_qemu-xen_qemu-doc.texi => Applying pkgsrc patch /amd/pkgsrc/CHROOT/P/pkgsrc/sysutils/xentools411/patches/patch-tools_qemu-xen_qemu-doc.texi Hmm... Looks like a unified diff to me... The text leading up to this was: -------------------------- |$NetBSD: patch-tools_qemu-xen_qemu-doc.texi,v 1.1 2018/07/24 13:40:11 bouyer Exp $ | |Avoid encoding issues in pod2man. | |--- tools/qemu-xen/qemu-doc.texi.orig 2014-12-02 11:41:02.000000000 +0100 |+++ tools/qemu-xen/qemu-doc.texi 2015-01-19 14:24:23.000000000 +0100 -------------------------- Patching file tools/qemu-xen/qemu-doc.texi using Plan A... Hunk #1 succeeded at 196 (offset -24 lines). done => Verifying /amd/pkgsrc/CHROOT/P/pkgsrc/sysutils/xentools411/patches/patch-tools_xenpaging_xenpaging.c => Applying pkgsrc patch /amd/pkgsrc/CHROOT/P/pkgsrc/sysutils/xentools411/patches/patch-tools_xenpaging_xenpaging.c Hmm... Looks like a unified diff to me... The text leading up to this was: -------------------------- |$NetBSD: patch-tools_xenpaging_xenpaging.c,v 1.1 2018/07/24 13:40:11 bouyer Exp $ | |--- tools/xenpaging/xenpaging.c.orig 2016-06-20 12:08:22.000000000 +0000 |+++ tools/xenpaging/xenpaging.c -------------------------- Patching file tools/xenpaging/xenpaging.c using Plan A... Hunk #1 succeeded at 181 (offset -1 lines). done => Verifying /amd/pkgsrc/CHROOT/P/pkgsrc/sysutils/xentools411/patches/patch-tools_xenpmd_xenpmd.c => Applying pkgsrc patch /amd/pkgsrc/CHROOT/P/pkgsrc/sysutils/xentools411/patches/patch-tools_xenpmd_xenpmd.c Hmm... Looks like a unified diff to me... The text leading up to this was: -------------------------- |$NetBSD: patch-tools_xenpmd_xenpmd.c,v 1.3 2019/03/16 16:39:17 bouyer Exp $ | |Elide format-truncation errors with GCC >= 7. | |--- tools/xenpmd/xenpmd.c.orig 2018-07-09 13:47:19.000000000 +0000 |+++ tools/xenpmd/xenpmd.c -------------------------- Patching file tools/xenpmd/xenpmd.c using Plan A... Hunk #1 succeeded at 100. done => Verifying /amd/pkgsrc/CHROOT/P/pkgsrc/sysutils/xentools411/patches/patch-tools_xenstore_xc.c => Applying pkgsrc patch /amd/pkgsrc/CHROOT/P/pkgsrc/sysutils/xentools411/patches/patch-tools_xenstore_xc.c Hmm... Looks like a unified diff to me... The text leading up to this was: -------------------------- |$NetBSD: patch-tools_xenstore_xc.c,v 1.1 2018/07/24 13:40:11 bouyer Exp $ | |--- tools/xenstore/xs.c.orig 2015-01-19 15:40:00.000000000 +0100 |+++ tools/xenstore/xs.c 2015-01-19 15:46:56.000000000 +0100 -------------------------- Patching file tools/xenstore/xs.c using Plan A... Hunk #1 succeeded at 807 (offset 82 lines). done => Verifying /amd/pkgsrc/CHROOT/P/pkgsrc/sysutils/xentools411/patches/patch-tools_xenstore_xenstored_core.c => Applying pkgsrc patch /amd/pkgsrc/CHROOT/P/pkgsrc/sysutils/xentools411/patches/patch-tools_xenstore_xenstored_core.c Hmm... Looks like a unified diff to me... The text leading up to this was: -------------------------- |$NetBSD: patch-tools_xenstore_xenstored_core.c,v 1.1 2021/02/04 11:45:53 bouyer Exp $ | |On error, don't keep socket connection in ignored state but close them. |When the remote end of a socket is closed, xenstored will flag it as an |error and switch the connection to ignored. But on some OSes (e.g. |NetBSD), poll(2) will return only POLLIN in this case, so sockets in ignored |state will stay open forever in xenstored (and it will loop with CPU 100% |busy). | |Signed-off-by: Manuel Bouyer |Fixes: d2fa370d3ef9cbe22d7256c608671cdcdf6e0083 |--- | tools/xenstore/xenstored_core.c | 3 +++ | 1 file changed, 3 insertions(+) | |diff --git a/tools/xenstore/xenstored_core.c b/tools/xenstore/xenstored_core.c |index 1ab6f162cb..0fea598352 100644 |--- tools/xenstore/xenstored_core.c.orig |+++ tools/xenstore/xenstored_core.c -------------------------- Patching file tools/xenstore/xenstored_core.c using Plan A... Hunk #1 succeeded at 1368 (offset -72 lines). done => Verifying /amd/pkgsrc/CHROOT/P/pkgsrc/sysutils/xentools411/patches/patch-tools_xenstore_xs_lib.c => Applying pkgsrc patch /amd/pkgsrc/CHROOT/P/pkgsrc/sysutils/xentools411/patches/patch-tools_xenstore_xs_lib.c Hmm... Looks like a unified diff to me... The text leading up to this was: -------------------------- |$NetBSD: patch-tools_xenstore_xs_lib.c,v 1.1 2018/07/24 13:40:11 bouyer Exp $ | |--- tools/xenstore/xs_lib.c.orig |+++ tools/xenstore/xs_lib.c -------------------------- Patching file tools/xenstore/xs_lib.c using Plan A... Hunk #1 succeeded at 52. done => Verifying /amd/pkgsrc/CHROOT/P/pkgsrc/sysutils/xentools411/patches/patch-tools_xentrace_xentrace.c => Applying pkgsrc patch /amd/pkgsrc/CHROOT/P/pkgsrc/sysutils/xentools411/patches/patch-tools_xentrace_xentrace.c Hmm... Looks like a unified diff to me... The text leading up to this was: -------------------------- |$NetBSD: patch-tools_xentrace_xentrace.c,v 1.1 2018/07/24 13:40:11 bouyer Exp $ | |--- tools/xentrace/xentrace.c.orig 2016-02-09 14:44:19.000000000 +0000 |+++ tools/xentrace/xentrace.c -------------------------- Patching file tools/xentrace/xentrace.c using Plan A... Hunk #1 succeeded at 947 (offset 2 lines). done => Verifying /amd/pkgsrc/CHROOT/P/pkgsrc/sysutils/xentools411/patches/patch-tools_xl_Makefile => Applying pkgsrc patch /amd/pkgsrc/CHROOT/P/pkgsrc/sysutils/xentools411/patches/patch-tools_xl_Makefile Hmm... Looks like a unified diff to me... The text leading up to this was: -------------------------- |$NetBSD: patch-tools_xl_Makefile,v 1.1 2018/07/24 13:40:11 bouyer Exp $ | |--- tools/xl/Makefile.orig 2018-04-24 12:18:12.000000000 +0200 |+++ tools/xl/Makefile 2018-04-24 12:18:46.000000000 +0200 -------------------------- Patching file tools/xl/Makefile using Plan A... Hunk #1 succeeded at 42. done => Verifying /amd/pkgsrc/CHROOT/P/pkgsrc/sysutils/xentools411/patches/patch-xen_Rules.mk => Applying pkgsrc patch /amd/pkgsrc/CHROOT/P/pkgsrc/sysutils/xentools411/patches/patch-xen_Rules.mk Hmm... Looks like a unified diff to me... The text leading up to this was: -------------------------- |$NetBSD: patch-xen_Rules.mk,v 1.1 2018/07/24 13:40:11 bouyer Exp $ | |--- xen/Rules.mk.orig 2018-04-23 14:50:02.000000000 +0200 |+++ xen/Rules.mk 2018-04-23 14:50:32.000000000 +0200 -------------------------- Patching file xen/Rules.mk using Plan A... Hunk #1 succeeded at 1. done => Verifying /amd/pkgsrc/CHROOT/P/pkgsrc/sysutils/xentools411/patches/patch-xen_tools_symbols.c => Applying pkgsrc patch /amd/pkgsrc/CHROOT/P/pkgsrc/sysutils/xentools411/patches/patch-xen_tools_symbols.c Hmm... Looks like a unified diff to me... The text leading up to this was: -------------------------- |$NetBSD: patch-xen_tools_symbols.c,v 1.1 2018/07/24 13:40:11 bouyer Exp $ |symbols.c:180:2: error: array subscript has type 'char' [-Werror=char-subscripts] | |--- ./xen/tools/symbols.c 2018-04-23 18:11:57.000000000 +0200 |+++ ./xen/tools/symbols.c.orig 2018-04-23 18:13:15.000000000 +0200 -------------------------- Patching file ./xen/tools/symbols.c using Plan A... Hunk #1 succeeded at 173. done ===> Creating toolchain wrappers for xentools411-4.11.4nb5 ===> Configuring for xentools411-4.11.4nb5 => Substituting "conf" in docs/misc/block-scripts.txt => Fixing getopt_long_only => Substituting "proc" in tools/ocaml/xenstored/select.ml => Modifying GNU configure scripts to avoid --recheck => Replacing config-guess with pkgsrc versions => Replacing config-sub with pkgsrc versions => Replacing install-sh with pkgsrc version => Replacing python interpreter in tools/misc/xen-bugtool tools/misc/xen-ringwatch tools/misc/xencons tools/misc/xenpvnetboot tools/misc/xensymoops tools/python/scripts/convert-legacy-stream tools/python/scripts/verify-stream-v2 tools/xenmon/xenmon.py tools/misc/xencov_split. => Replacing Perl interpreter in ../ipxe/src/util/*.pl ../ipxe/src/drivers/infiniband/qib_genbits.pl ../ipxe/src/util/get-pci-ids tools/examples/xeninfo.pl tools/firmware/rombios/makesym.perl tools/include/xen-external/bsd-sys-queue-h-seddery tools/libxl/check-libxl-api-rules tools/libxl/libxl_save_msgs_gen.pl tools/qemu-xen-traditional/*.pl. => Checking for portability problems in extracted files checking build system type... x86_64--netbsd checking host system type... x86_64--netbsd Will build the following subsystems: xen tools stubdom docs configure: creating ./config.status config.status: creating config/Toplevel.mk config.status: creating config/Paths.mk === configuring in tools (/tmp/sysutils/xentools411/work/xen-4.11.4/tools) configure: running /bin/sh ./configure --disable-option-checking '--prefix=/usr/pkg' '--disable-seabios' '--sysconfdir=/usr/pkg/etc' '--x-includes=/usr/X11R7/include' '--x-libraries=/usr/X11R7/lib' '--build=x86_64--netbsd' '--host=x86_64--netbsd' '--mandir=/usr/pkg/man' 'build_alias=x86_64--netbsd' 'host_alias=x86_64--netbsd' --cache-file=/dev/null --srcdir=. configure: WARNING: Setting CC, CFLAGS, LDFLAGS, LIBS, CPPFLAGS or CPP is not recommended, use PREPEND_INCLUDES, PREPEND_LIB, APPEND_INCLUDES and APPEND_LIB instead when possible. checking build system type... x86_64--netbsd checking host system type... x86_64--netbsd checking for x86_64--netbsd-gcc... gcc checking whether the C compiler works... yes checking for C compiler default output file name... a.out checking for suffix of executables... checking whether we are cross compiling... no checking for suffix of object files... o checking whether we are using the GNU C compiler... yes checking whether gcc accepts -g... yes checking for gcc option to accept ISO C89... none needed checking for special C compiler options needed for large files... no checking for _FILE_OFFSET_BITS value needed for large files... no checking for as86... /usr/pkg/bin/as86 checking for ld86... /usr/pkg/bin/ld86 checking for bcc... /usr/pkg/bin/bcc checking for lzma_version_number in -llzma... yes checking for x86_64--netbsd-gcc... (cached) gcc checking whether we are using the GNU C compiler... (cached) yes checking whether gcc accepts -g... (cached) yes checking for gcc option to accept ISO C89... (cached) none needed checking whether make sets $(MAKE)... yes checking for a BSD-compatible install... /usr/bin/install -c -o pbulk -g wheel checking for bison... no checking for flex... /usr/bin/flex checking for perl... /usr/pkg/bin/perl checking for awk... /usr/bin/awk checking for x86_64--netbsd-ocamlc... no checking for ocamlc... ocamlc OCaml version is 4.11.2 OCaml library path is /usr/pkg/lib/ocaml checking for x86_64--netbsd-ocamlopt... no checking for ocamlopt... ocamlopt checking for x86_64--netbsd-ocamlc.opt... no checking for ocamlc.opt... ocamlc.opt checking for x86_64--netbsd-ocamlopt.opt... no checking for ocamlopt.opt... ocamlopt.opt checking for x86_64--netbsd-ocaml... no checking for ocaml... ocaml checking for x86_64--netbsd-ocamldep... no checking for ocamldep... ocamldep checking for x86_64--netbsd-ocamlmktop... no checking for ocamlmktop... ocamlmktop checking for x86_64--netbsd-ocamlmklib... no checking for ocamlmklib... ocamlmklib checking for x86_64--netbsd-ocamldoc... no checking for ocamldoc... ocamldoc checking for x86_64--netbsd-ocamlbuild... no checking for ocamlbuild... no checking for x86_64--netbsd-ocamlfind... no checking for ocamlfind... ocamlfind checking for gawk... /usr/bin/awk checking for x86_64--netbsd-checkpolicy... no checking for checkpolicy... no checking for bash... /tmp/sysutils/xentools411/work/.tools/bin/bash checking for python2.7... /usr/pkg/bin/python2.7 checking for python version >= 2.3 ... yes checking how to run the C preprocessor... gcc -E checking for grep that handles long lines and -e... (cached) /usr/bin/grep checking for egrep... (cached) /usr/bin/egrep checking for ANSI C header files... yes checking for sys/types.h... yes checking for sys/stat.h... yes checking for stdlib.h... yes checking for string.h... yes checking for memory.h... yes checking for strings.h... yes checking for inttypes.h... yes checking for stdint.h... yes checking for unistd.h... yes checking for python2.7-config... /usr/pkg/bin/python2.7-config checking Python.h usability... yes checking Python.h presence... yes checking for Python.h... yes checking for PyArg_ParseTuple in -lpython2.7... yes checking whether Python setup.py brokenly enables -D_FORTIFY_SOURCE... yes checking for xgettext... /usr/bin/xgettext checking for iasl... /usr/bin/iasl checking uuid/uuid.h usability... no checking uuid/uuid.h presence... no checking for uuid/uuid.h... no checking uuid.h usability... yes checking uuid.h presence... yes checking for uuid.h... yes checking curses.h usability... yes checking curses.h presence... yes checking for curses.h... yes checking for clear in -lcurses... yes checking ncurses.h usability... no checking ncurses.h presence... no checking for ncurses.h... no checking pkg-config is at least version 0.9.0... yes checking for glib... yes checking for pixman... yes checking for wget... no checking for ftp... /tmp/sysutils/xentools411/work/.tools/bin/ftp checking bzlib.h usability... yes checking bzlib.h presence... yes checking for bzlib.h... yes checking for BZ2_bzDecompressInit in -lbz2... yes checking lzma.h usability... yes checking lzma.h presence... yes checking for lzma.h... yes checking for lzma_stream_decoder in -llzma... yes checking lzo/lzo1x.h usability... no checking lzo/lzo1x.h presence... no checking for lzo/lzo1x.h... no checking ext2fs/ext2fs.h usability... no checking ext2fs/ext2fs.h presence... no checking for ext2fs/ext2fs.h... no checking ext4fs/ext2fs.h usability... no checking ext4fs/ext2fs.h presence... no checking for ext4fs/ext2fs.h... no checking for gcry_md_hash_buffer in -lgcrypt... yes checking for pthread flag... -pthread checking libutil.h usability... no checking libutil.h presence... no checking for libutil.h... no checking for openpty et al... -lutil checking for yajl_alloc in -lyajl... yes checking for deflateCopy in -lz... yes checking for libiconv_open in -liconv... no checking argp.h usability... yes checking argp.h presence... yes checking for argp.h... yes checking for argp_usage in -largp... yes checking yajl/yajl_version.h usability... yes checking yajl/yajl_version.h presence... yes checking for yajl/yajl_version.h... yes checking sys/eventfd.h usability... no checking sys/eventfd.h presence... no checking for sys/eventfd.h... no checking valgrind/memcheck.h usability... no checking valgrind/memcheck.h presence... no checking for valgrind/memcheck.h... no checking utmp.h usability... yes checking utmp.h presence... yes checking for utmp.h... yes checking for LIBNL3... no configure: WARNING: Disabling support for Remus network buffering and COLO. Please install libnl3 libraries (including libnl3-route), command line tools and devel headers - version 3.2.8 or higher checking for SYSTEMD... no checking for SYSTEMD... no configure: creating ./config.status config.status: creating ../config/Tools.mk config.status: creating ../config/Paths.mk config.status: creating hotplug/FreeBSD/rc.d/xencommons config.status: creating hotplug/FreeBSD/rc.d/xendriverdomain config.status: creating hotplug/Linux/init.d/sysconfig.xencommons config.status: creating hotplug/Linux/init.d/sysconfig.xendomains config.status: creating hotplug/Linux/init.d/xen-watchdog config.status: creating hotplug/Linux/init.d/xencommons config.status: creating hotplug/Linux/init.d/xendomains config.status: creating hotplug/Linux/init.d/xendriverdomain config.status: creating hotplug/Linux/launch-xenstore config.status: creating hotplug/Linux/vif-setup config.status: creating hotplug/Linux/xen-hotplug-common.sh config.status: creating hotplug/Linux/xendomains config.status: creating hotplug/NetBSD/rc.d/xencommons config.status: creating hotplug/NetBSD/rc.d/xendriverdomain config.status: creating ocaml/xenstored/oxenstored.conf config.status: creating config.h === configuring in stubdom (/tmp/sysutils/xentools411/work/xen-4.11.4/stubdom) configure: running /bin/sh ./configure --disable-option-checking '--prefix=/usr/pkg' '--disable-seabios' '--sysconfdir=/usr/pkg/etc' '--x-includes=/usr/X11R7/include' '--x-libraries=/usr/X11R7/lib' '--build=x86_64--netbsd' '--host=x86_64--netbsd' '--mandir=/usr/pkg/man' 'build_alias=x86_64--netbsd' 'host_alias=x86_64--netbsd' --cache-file=/dev/null --srcdir=. checking build system type... x86_64--netbsd checking host system type... x86_64--netbsd xyy checking for wget... no checking for ftp... /tmp/sysutils/xentools411/work/.tools/bin/ftp checking for x86_64--netbsd-gcc... gcc checking whether the C compiler works... yes checking for C compiler default output file name... a.out checking for suffix of executables... checking whether we are cross compiling... no checking for suffix of object files... o checking whether we are using the GNU C compiler... yes checking whether gcc accepts -g... yes checking for gcc option to accept ISO C89... none needed checking whether make sets $(MAKE)... yes checking for a BSD-compatible install... /usr/bin/install -c -o pbulk -g wheel checking for cmake... /tmp/sysutils/xentools411/work/.tools/bin/cmake Will build the following stub domains: pv-grub xenstore-stubdom vtpm-stubdom vtpmmgr-stubdom ioemu-stubdom configure: creating ./config.status config.status: creating ../config/Stubdom.mk === configuring in docs (/tmp/sysutils/xentools411/work/xen-4.11.4/docs) configure: running /bin/sh ./configure --disable-option-checking '--prefix=/usr/pkg' '--disable-seabios' '--sysconfdir=/usr/pkg/etc' '--x-includes=/usr/X11R7/include' '--x-libraries=/usr/X11R7/lib' '--build=x86_64--netbsd' '--host=x86_64--netbsd' '--mandir=/usr/pkg/man' 'build_alias=x86_64--netbsd' 'host_alias=x86_64--netbsd' --cache-file=/dev/null --srcdir=. checking for fig2dev... no configure: WARNING: fig2dev is not available so some documentation won't be built checking for pod2man... /tmp/sysutils/xentools411/work/.tools/bin/pod2man checking for pod2html... /usr/pkg/bin/pod2html checking for pod2text... /usr/pkg/bin/pod2text checking for pandoc... no configure: WARNING: pandoc is not available so some documentation won't be built checking for markdown... no checking for markdown_py... no configure: WARNING: markdown is not available so some documentation won't be built checking for perl... /usr/pkg/bin/perl configure: creating ./config.status config.status: creating ../config/Docs.mk config.status: creating man/xl.cfg.pod.5 config.status: creating man/xl.pod.1