svn commit: r434071 - in branches/2017Q1/sysutils/xen-tools: . files
Roger Pau Monné
royger at FreeBSD.org
Tue Feb 14 10:25:02 UTC 2017
Author: royger (src committer)
Date: Tue Feb 14 10:25:01 2017
New Revision: 434071
URL: https://svnweb.freebsd.org/changeset/ports/434071
Log:
MFH: r434070
xen: fix build failure after XSA-208
Sponsored by: Citrix Systems R&D
Approved by: ports-secteam (build fix blanket)
Modified:
branches/2017Q1/sysutils/xen-tools/Makefile
branches/2017Q1/sysutils/xen-tools/files/xsa208-qemuu.patch
Directory Properties:
branches/2017Q1/ (props changed)
Modified: branches/2017Q1/sysutils/xen-tools/Makefile
==============================================================================
--- branches/2017Q1/sysutils/xen-tools/Makefile Tue Feb 14 10:22:49 2017 (r434070)
+++ branches/2017Q1/sysutils/xen-tools/Makefile Tue Feb 14 10:25:01 2017 (r434071)
@@ -3,7 +3,7 @@
PORTNAME= xen
PKGNAMESUFFIX= -tools
PORTVERSION= 4.7.1
-PORTREVISION= 2
+PORTREVISION= 3
CATEGORIES= sysutils emulators
MASTER_SITES= http://downloads.xenproject.org/release/xen/${PORTVERSION}/
Modified: branches/2017Q1/sysutils/xen-tools/files/xsa208-qemuu.patch
==============================================================================
--- branches/2017Q1/sysutils/xen-tools/files/xsa208-qemuu.patch Tue Feb 14 10:22:49 2017 (r434070)
+++ branches/2017Q1/sysutils/xen-tools/files/xsa208-qemuu.patch Tue Feb 14 10:25:01 2017 (r434071)
@@ -1,40 +1,47 @@
-From: Li Qiang <address at hidden>
+From 7eaaf4ba68fab40f1945d761438bdaa44fbf37d7 Mon Sep 17 00:00:00 2001
+From: Li Qiang <liqiang6-s at 360.cn>
+Date: Thu, 9 Feb 2017 14:36:41 -0800
+Subject: [PATCH] cirrus: fix oob access issue (CVE-2017-2615)
When doing bitblt copy in backward mode, we should minus the
blt width first just like the adding in the forward mode. This
can avoid the oob access of the front of vga's vram.
-Signed-off-by: Li Qiang <address at hidden>
-Message-id: address at hidden
+This is XSA-208.
+
+upstream-commit-id: 62d4c6bd5263bb8413a06c80144fc678df6dfb64
+
+Signed-off-by: Li Qiang <liqiang6-s at 360.cn>
{ kraxel: with backward blits (negative pitch) addr is the topmost
address, so check it as-is against vram size ]
-[ This is CVE-2017-2615 / XSA-208 - Ian Jackson ]
-
-Cc: address at hidden
-Cc: P J P <address at hidden>
-Cc: Laszlo Ersek <address at hidden>
-Cc: Paolo Bonzini <address at hidden>
-Cc: Wolfgang Bumiller <address at hidden>
+Cc: qemu-stable at nongnu.org
+Cc: P J P <ppandit at redhat.com>
+Cc: Laszlo Ersek <lersek at redhat.com>
+Cc: Paolo Bonzini <pbonzini at redhat.com>
+Cc: Wolfgang Bumiller <w.bumiller at proxmox.com>
Fixes: d3532a0db02296e687711b8cdc7791924efccea0 (CVE-2014-8106)
-Signed-off-by: Gerd Hoffmann <address at hidden>
+Signed-off-by: Gerd Hoffmann <kraxel at redhat.com>
+Message-id: 1485938101-26602-1-git-send-email-kraxel at redhat.com
+Reviewed-by: Laszlo Ersek <lersek at redhat.com>
+Signed-off-by: Stefano Stabellini <sstabellini at kernel.org>
---
hw/display/cirrus_vga.c | 7 +++----
1 file changed, 3 insertions(+), 4 deletions(-)
diff --git a/hw/display/cirrus_vga.c b/hw/display/cirrus_vga.c
-index bdb092e..3bbe3d5 100644
+index 5198037..7bf3707 100644
--- a/hw/display/cirrus_vga.c
+++ b/hw/display/cirrus_vga.c
-@@ -277,10 +277,9 @@ static bool blit_region_is_unsafe(struct CirrusVGAState *s,
- }
+@@ -272,10 +272,9 @@ static bool blit_region_is_unsafe(struct CirrusVGAState *s,
+ {
if (pitch < 0) {
int64_t min = addr
- + ((int64_t)s->cirrus_blt_height-1) * pitch;
- int32_t max = addr
- + s->cirrus_blt_width;
-- if (min < 0 || max > s->vga.vram_size) {
+- if (min < 0 || max >= s->vga.vram_size) {
+ + ((int64_t)s->cirrus_blt_height - 1) * pitch
+ - s->cirrus_blt_width;
+ if (min < -1 || addr >= s->vga.vram_size) {
@@ -42,4 +49,5 @@ index bdb092e..3bbe3d5 100644
}
} else {
--
-1.8.3.1
+2.10.1 (Apple Git-78)
+
More information about the svn-ports-all
mailing list