authorNatanael Copa <ncopa@alpinelinux.org>2013-05-20 07:56:07 +0000
committerNatanael Copa <ncopa@alpinelinux.org>2013-05-20 07:56:07 +0000
commit98f79460df6cf28f150e4bca1a7f976d3d0fe331 (patch)
treeb163584c53bdb6d50a9f86fbc6d1d95c39b99775 /main/xen
parent756a86906db7d0b5303b0a7043672a6326f5f50a (diff)
main/xen: security fix (CVE-2013-2072)
ref #1900
Diffstat (limited to 'main/xen')
-rw-r--r--main/xen/APKBUILD6
-rw-r--r--main/xen/xsa56.patch50
2 files changed, 55 insertions, 1 deletions
diff --git a/main/xen/APKBUILD b/main/xen/APKBUILD
index 2eff705e31..ac949f215a 100644
--- a/main/xen/APKBUILD
+++ b/main/xen/APKBUILD
@@ -3,7 +3,7 @@
# Maintainer: William Pitcock <nenolod@dereferenced.org>
pkgname=xen
pkgver=4.2.1
-pkgrel=10
+pkgrel=11
pkgdesc="Xen hypervisor"
url="http://www.xen.org/"
arch="x86 x86_64"
@@ -32,6 +32,7 @@ source="http://bits.xensource.com/oss-xen/release/$pkgver/$pkgname-$pkgver.tar.g
xsa48-4.2.patch
xsa44-4.2.patch
xsa46-4.2.patch
+ xsa56.patch
xenstored.initd
xenstored.confd
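Review bot: Listing `xsa56.patch` in `source` only shows that the build will fetch and checksum the file; nothing in this hunk shows it being applied. The step that applies patches (presumably `prepare()`) is outside the visible hunks, so confirm that it picks up every `*.patch` entry in `source` rather than a hard-coded list. Otherwise the package would ship as pkgrel 11 without the CVE-2013-2072 fix. A build-log line showing the patch applied to `tools/python/xen/lowlevel/xc/xc.c` is a cheap way to verify this.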
@@ -160,6 +161,7 @@ c05bb12fc5b6aa64cd23f2ad623c539a xsa47-4.2-unstable.patch
b3e3a57d189a4f86c9766eaf3b5207f4 xsa48-4.2.patch
85239ba26395b05502ceee5eec968ea7 xsa44-4.2.patch
b955534323681fa461f86c69e4acec75 xsa46-4.2.patch
+e70b9128ffc2175cea314a533a7d8457 xsa56.patch
95d8af17bf844d41a015ff32aae51ba1 xenstored.initd
b017ccdd5e1c27bbf1513e3569d4ff07 xenstored.confd
ed262f15fb880badb53575539468646c xenconsoled.initd
@@ -188,6 +190,7 @@ c29b59492f9d7e3f74bfc41877a2c5cff70436d3738fd91066f396f969aab0a7 xsa47-4.2-unst
dc23077028584e71a08dd0dc9e81552c76744a5ce9d39df5958a95ae9cf3107b xsa48-4.2.patch
c6c3afa228426d78e0484b7ac34210f642f79add35c4a04ca5ff7db5f2539e49 xsa44-4.2.patch
822da2303f1fc69648d7a29eb72fdda8e64baab3edc0e1548456d31e66ed1d7c xsa46-4.2.patch
+a691c5f5332a42c0d38ddb4dc037eb902f01ba31033b64c47d02909a8de0257d xsa56.patch
81d335946c81311c86e2f2112b773a568a5a530c0db9802b2fe559e71bb8b381 xenstored.initd
ea9171e71ab3d33061979bcf3bb737156192aa4b0be4d1234438ced75b6fdef3 xenstored.confd
93bea2eb90ea1b4628854c8141dd351bbd1fbc5959b12795447ea933ad025f01 xenconsoled.initd
@@ -216,6 +219,7 @@ aac646828703eb1f4cf9a94a29eec4901c7fcc37e86e06f60530bee40259bd789d1749d844b341ae
31dd8c62d41cc0a01a79d9b24a5b793f5e2058230808d9c5364c6ff3477ab02f3258f1bbd761d97dc1b97ee120b41524b999eaac77f33b606496fc324b5fa2e4 xsa48-4.2.patch
cfcf8d1af07032bfd3ff9c7a76a8f7d8c6f8b3b084712a494c3ca7624d9a03cbb7cad723b5a1dbc2a99e18a7046c221fae743c8dc42ba09b463f02fd069254d9 xsa44-4.2.patch
35ed4d580d219e977ee1085c223563f51ccd9ce3675df2660d10d99c366a2fe2446269c98ac9dbf57c37de83340f4b0868d0eb3c5d898be4c0fc80357f6ed780 xsa46-4.2.patch
+26a1c2cc92ddd4c1ab6712b0e41a0135d0e76a7fe3a14b651fb0235e352e5a24077414371acccb93058b7ce4d882b667386811170ba74570c53165837bcd983d xsa56.patch
792b062e8a16a2efd3cb4662d379d1500527f2a7ca9228d7831c2bd34f3b9141df949153ea05463a7758c3e3dd9a4182492ad5505fa38e298ecf8c99db77b4ee xenstored.initd
100cf4112f401f45c1e4e885a5074698c484b40521262f6268fad286498e95f4c51e746f0e94eb43a590bb8e813a397bb53801ccacebec9541020799d8d70514 xenstored.confd
12f981b2459c65d66e67ec0b32d0d19b95a029bc54c2a79138cfe488d3524a22e51860f755abfe25ddcdaf1b27f2ded59b6e350b9d5f8791193d00e2d3673137 xenconsoled.initd
diff --git a/main/xen/xsa56.patch b/main/xen/xsa56.patch
new file mode 100644
index 0000000000..1368ac3514
--- /dev/null
+++ b/main/xen/xsa56.patch
@@ -0,0 +1,50 @@
+libxc: limit cpu values when setting vcpu affinity
+
+When support for pinning more than 64 cpus was added, check for cpu
+out-of-range values was removed. This can lead to subsequent
+out-of-bounds cpumap array accesses in case the cpu number is higher
+than the actual count.
+
+This patch returns the check.
+
+This is CVE-2013-2072 / XSA-56
+
+Signed-off-by: Petr Matousek <pmatouse@redhat.com>
+
+diff --git a/tools/python/xen/lowlevel/xc/xc.c b/tools/python/xen/lowlevel/xc/xc.c
+index e220f68..e611b24 100644
+--- a/tools/python/xen/lowlevel/xc/xc.c
++++ b/tools/python/xen/lowlevel/xc/xc.c
+@@ -228,6 +228,7 @@ static PyObject *pyxc_vcpu_setaffinity(XcObject *self,
+ int vcpu = 0, i;
+ xc_cpumap_t cpumap;
+ PyObject *cpulist = NULL;
++ int nr_cpus;
+
+ static char *kwd_list[] = { "domid", "vcpu", "cpumap", NULL };
+
+@@ -235,6 +236,10 @@ static PyObject *pyxc_vcpu_setaffinity(XcObject *self,
+ &dom, &vcpu, &cpulist) )
+ return NULL;
+
++ nr_cpus = xc_get_max_cpus(self->xc_handle);
++ if ( nr_cpus == 0 )
++ return pyxc_error_to_exception(self->xc_handle);
++
+ cpumap = xc_cpumap_alloc(self->xc_handle);
+ if(cpumap == NULL)
+ return pyxc_error_to_exception(self->xc_handle);
+@@ -244,6 +249,13 @@ static PyObject *pyxc_vcpu_setaffinity(XcObject *self,
+ for ( i = 0; i < PyList_Size(cpulist); i++ )
+ {
+ long cpu = PyInt_AsLong(PyList_GetItem(cpulist, i));
++ if ( cpu < 0 || cpu >= nr_cpus )
++ {
++ free(cpumap);
++ errno = EINVAL;
++ PyErr_SetFromErrno(xc_error_obj);
++ return NULL;
++ }
+ cpumap[cpu / 8] |= 1 << (cpu % 8);
+ }
+ }
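Review bot: The added range check `if ( cpu < 0 || cpu >= nr_cpus )` also swallows a failed conversion: `PyInt_AsLong` returns -1 with a Python exception already set when a list item is not an integer, and this branch then replaces that exception with a bare EINVAL. Handling that case first, e.g. `if ( cpu == -1 && PyErr_Occurred() ) { free(cpumap); return NULL; }`, keeps the original error for the caller. Separately, `if ( nr_cpus == 0 )` assumes `xc_get_max_cpus` reports failure only as 0; its definition is not visible here, and `nr_cpus <= 0` would report the underlying libxc error instead of falling through to a misleading EINVAL for every cpu value. `pyxc_vcpu_setaffinity` starts and ends outside the inner hunks, so the rest of the error handling is not reviewable from this page.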