43 lines
1.4 KiB
Plaintext
43 lines
1.4 KiB
Plaintext
$NetBSD: patch-CVE-2015-2152,v 1.1 2015/03/13 10:27:49 spz Exp $
|
|
|
|
xsa119-unstable.patch from upstream.
|
|
XSA-119 is "HVM qemu unexpectedly enabling emulated VGA graphics backends"
|
|
|
|
--- libxl/libxl_dm.c.orig 2015-01-12 16:53:24.000000000 +0000
|
|
+++ libxl/libxl_dm.c
|
|
@@ -180,7 +180,14 @@ static char ** libxl__build_device_model
|
|
if (libxl_defbool_val(vnc->findunused)) {
|
|
flexarray_append(dm_args, "-vncunused");
|
|
}
|
|
- }
|
|
+ } else
|
|
+ /*
|
|
+ * VNC is not enabled by default by qemu-xen-traditional,
|
|
+ * however passing -vnc none causes SDL to not be
|
|
+ * (unexpectedly) enabled by default. This is overridden by
|
|
+ * explicitly passing -sdl below as required.
|
|
+ */
|
|
+ flexarray_append_pair(dm_args, "-vnc", "none");
|
|
|
|
if (sdl) {
|
|
flexarray_append(dm_args, "-sdl");
|
|
@@ -513,7 +520,17 @@ static char ** libxl__build_device_model
|
|
}
|
|
|
|
flexarray_append(dm_args, vncarg);
|
|
- }
|
|
+ } else
|
|
+ /*
|
|
+ * Ensure that by default no vnc server is created.
|
|
+ */
|
|
+ flexarray_append_pair(dm_args, "-vnc", "none");
|
|
+
|
|
+ /*
|
|
+ * Ensure that by default no display backend is created. Further
|
|
+ * options given below might then enable more.
|
|
+ */
|
|
+ flexarray_append_pair(dm_args, "-display", "none");
|
|
|
|
if (sdl) {
|
|
flexarray_append(dm_args, "-sdl");
|