Date: Tue, 14 Feb 2017 10:25:01 +0000 (UTC) From: =?UTF-8?Q?Roger_Pau_Monn=c3=a9?= <royger@FreeBSD.org> To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-branches@freebsd.org Subject: svn commit: r434071 - in branches/2017Q1/sysutils/xen-tools: . files Message-ID: <201702141025.v1EAP135077766@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: royger (src committer) Date: Tue Feb 14 10:25:01 2017 New Revision: 434071 URL: https://svnweb.freebsd.org/changeset/ports/434071 Log: MFH: r434070 xen: fix build failure after XSA-208 Sponsored by: Citrix Systems R&D Approved by: ports-secteam (build fix blanket) Modified: branches/2017Q1/sysutils/xen-tools/Makefile branches/2017Q1/sysutils/xen-tools/files/xsa208-qemuu.patch Directory Properties: branches/2017Q1/ (props changed) Modified: branches/2017Q1/sysutils/xen-tools/Makefile ============================================================================== --- branches/2017Q1/sysutils/xen-tools/Makefile Tue Feb 14 10:22:49 2017 (r434070) +++ branches/2017Q1/sysutils/xen-tools/Makefile Tue Feb 14 10:25:01 2017 (r434071) @@ -3,7 +3,7 @@ PORTNAME= xen PKGNAMESUFFIX= -tools PORTVERSION= 4.7.1 -PORTREVISION= 2 +PORTREVISION= 3 CATEGORIES= sysutils emulators MASTER_SITES= http://downloads.xenproject.org/release/xen/${PORTVERSION}/ Modified: branches/2017Q1/sysutils/xen-tools/files/xsa208-qemuu.patch ============================================================================== --- branches/2017Q1/sysutils/xen-tools/files/xsa208-qemuu.patch Tue Feb 14 10:22:49 2017 (r434070) +++ branches/2017Q1/sysutils/xen-tools/files/xsa208-qemuu.patch Tue Feb 14 10:25:01 2017 (r434071) @@ -1,40 +1,47 @@ -From: Li Qiang <address@hidden> +From 7eaaf4ba68fab40f1945d761438bdaa44fbf37d7 Mon Sep 17 00:00:00 2001 +From: Li Qiang <liqiang6-s@360.cn> +Date: Thu, 9 Feb 2017 14:36:41 -0800 +Subject: [PATCH] cirrus: fix oob access issue (CVE-2017-2615) When doing bitblt copy in backward mode, we should minus the blt width first just like the adding in the forward mode. This can avoid the oob access of the front of vga's vram. -Signed-off-by: Li Qiang <address@hidden> -Message-id: address@hidden +This is XSA-208. + +upstream-commit-id: 62d4c6bd5263bb8413a06c80144fc678df6dfb64 + +Signed-off-by: Li Qiang <liqiang6-s@360.cn> { kraxel: with backward blits (negative pitch) addr is the topmost address, so check it as-is against vram size ] -[ This is CVE-2017-2615 / XSA-208 - Ian Jackson ] - -Cc: address@hidden -Cc: P J P <address@hidden> -Cc: Laszlo Ersek <address@hidden> -Cc: Paolo Bonzini <address@hidden> -Cc: Wolfgang Bumiller <address@hidden> +Cc: qemu-stable@nongnu.org +Cc: P J P <ppandit@redhat.com> +Cc: Laszlo Ersek <lersek@redhat.com> +Cc: Paolo Bonzini <pbonzini@redhat.com> +Cc: Wolfgang Bumiller <w.bumiller@proxmox.com> Fixes: d3532a0db02296e687711b8cdc7791924efccea0 (CVE-2014-8106) -Signed-off-by: Gerd Hoffmann <address@hidden> +Signed-off-by: Gerd Hoffmann <kraxel@redhat.com> +Message-id: 1485938101-26602-1-git-send-email-kraxel@redhat.com +Reviewed-by: Laszlo Ersek <lersek@redhat.com> +Signed-off-by: Stefano Stabellini <sstabellini@kernel.org> --- hw/display/cirrus_vga.c | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/hw/display/cirrus_vga.c b/hw/display/cirrus_vga.c -index bdb092e..3bbe3d5 100644 +index 5198037..7bf3707 100644 --- a/hw/display/cirrus_vga.c +++ b/hw/display/cirrus_vga.c -@@ -277,10 +277,9 @@ static bool blit_region_is_unsafe(struct CirrusVGAState *s, - } +@@ -272,10 +272,9 @@ static bool blit_region_is_unsafe(struct CirrusVGAState *s, + { if (pitch < 0) { int64_t min = addr - + ((int64_t)s->cirrus_blt_height-1) * pitch; - int32_t max = addr - + s->cirrus_blt_width; -- if (min < 0 || max > s->vga.vram_size) { +- if (min < 0 || max >= s->vga.vram_size) { + + ((int64_t)s->cirrus_blt_height - 1) * pitch + - s->cirrus_blt_width; + if (min < -1 || addr >= s->vga.vram_size) { @@ -42,4 +49,5 @@ index bdb092e..3bbe3d5 100644 } } else { -- -1.8.3.1 +2.10.1 (Apple Git-78) +
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201702141025.v1EAP135077766>