Update patch for XSA-226 (fixes a regression).
http://openwall.com/lists/oss-security/2017/08/29/2
Include fix for XSA-235.
---
main/xen/APKBUILD | 8 ++++++--
main/xen/xsa226-1.patch | 15 +++++++++++++++
main/xen/xsa235-4.9.patch | 49 +++++++++++++++++++++++++++++++++++++++++++++++
3 files changed, 70 insertions(+), 2 deletions(-)
create mode 100644 main/xen/xsa235-4.9.patch
diff --git a/main/xen/APKBUILD b/main/xen/APKBUILD
index 1274b35f4a..f450aa810a 100644
--- a/main/xen/APKBUILD
+++ b/main/xen/APKBUILD
@@ -3,7 +3,7 @@
# Maintainer: William Pitcock <nenolod@dereferenced.org>
pkgname=xen
pkgver=4.9.0
-pkgrel=1
+pkgrel=2
pkgdesc="Xen hypervisor"
url="http://www.xen.org/"
arch="x86_64 armhf"
@@ -78,6 +78,8 @@ options="!strip"
# - CVE-2017-12137 XSA-227
# - CVE-2017-12136 XSA-228
# - CVE-2017-12855 XSA-230
+# 4.9.0-r2:
+# - XSA-235
case "$CARCH" in
x86*)
@@ -127,6 +129,7 @@ source="https://downloads.xenproject.org/release/$pkgname/$pkgver/$pkgname-$pkgv
xsa227.patch
xsa228.patch
xsa230.patch
+ xsa235-4.9.patch
qemu-coroutine-gthread.patch
qemu-xen_paths.patch
@@ -377,11 +380,12 @@ c2bc9ffc8583aeae71cee9ddcc4418969768d4e3764d47307da54f93981c0109fb07d84b061b3a36
4928b5b82f57645be9408362706ff2c4d9baa635b21b0d41b1c82930e8c60a759b1ea4fa74d7e6c7cae1b7692d006aa5cb72df0c3b88bf049779aa2b566f9d35 tpm_emulator-0.7.4.tar.gz
021b958fcd0d346c4ba761bcf0cc40f3522de6186cf5a0a6ea34a70504ce9622b1c2626fce40675bc8282cf5f5ade18473656abc38050f72f5d6480507a2106e zlib-1.2.3.tar.gz
82ba65e1c676d32b29c71e6395c9506cab952c8f8b03f692e2b50133be8f0c0146d0f22c223262d81a4df579986fde5abc6507869f4965be4846297ef7b4b890 ipxe-git-827dd1bfee67daa683935ce65316f7e0f057fe1c.tar.gz
-e934ba5be6a526d164cb4c8bb71a679f2fedeaddb82d8f5ebbbbe3cbfaa6dd639c4e94662c6b7a9d066195f2a59e8d14dc3ee55dc94c09b4475d455d881b2741 xsa226-1.patch
+45fed43bbdcf63fc3ded0a2629e27a5d58306a244dba2e005cf8814aa50cde962c41e5e72075a1d678eb9c18af17e1cbf078884214fd29df0ad551977c9880c2 xsa226-1.patch
4d1e729c592efefd705233b49484991801606b2122a64ff14abbf994bb3e77ec75c4989d43753ce2043cc4fe13d34fb1cef7ee1adb291ff16625bb3b125e5508 xsa226-2.patch
7d66494e833d46f8a213af0f2b107a12617d5e8b45c3b07daee229c75bd6aad98284bc0e19f15706d044b58273cc7f0c193ef8553faa22fadeae349689e763c8 xsa227.patch
d406f14531af707325790909d08ce299ac2f2cb4b87f9a8ddb0fba10bd83bed84cc1633e07632cc2f841c50bc1a9af6240c89539a2e6ba6028cb127e218f86fc xsa228.patch
df174a1675f74b73e78bc3cb1c9f16536199dfd1922c0cc545a807e92bc24941a816891838258e118f477109548487251a7eaccb2d1dd9b6994c8c76fc5b058f xsa230.patch
+8bab6e59577b51f0c6b8a547c9a37a257bd0460e7219512e899d25f80a74084745d2a4c54e55ad12526663d40f218cb8f833b71350220d36e3750d002ff43d29 xsa235-4.9.patch
c3c46f232f0bd9f767b232af7e8ce910a6166b126bd5427bb8dc325aeb2c634b956de3fc225cab5af72649070c8205cc8e1cab7689fc266c204f525086f1a562 qemu-coroutine-gthread.patch
1936ab39a1867957fa640eb81c4070214ca4856a2743ba7e49c0cd017917071a9680d015f002c57fa7b9600dbadd29dcea5887f50e6c133305df2669a7a933f3 qemu-xen_paths.patch
f095ea373f36381491ad36f0662fb4f53665031973721256b23166e596318581da7cbb0146d0beb2446729adfdb321e01468e377793f6563a67d68b8b0f7ffe3 hotplug-vif-vtrill.patch
diff --git a/main/xen/xsa226-1.patch b/main/xen/xsa226-1.patch
index 7711d3f888..d60bbe2db1 100644
--- a/main/xen/xsa226-1.patch
+++ b/main/xen/xsa226-1.patch
@@ -16,6 +16,21 @@ This is part of CVE-2017-12135 / XSA-226.
Signed-off-by: Jan Beulich <jbeulich@suse.com>
+--- a/xen/common/compat/grant_table.c
++++ b/xen/common/compat/grant_table.c
+@@ -258,9 +258,9 @@ int compat_grant_table_op(unsigned int cmd,
+ rc = gnttab_copy(guest_handle_cast(nat.uop, gnttab_copy_t), n);
+ if ( rc > 0 )
+ {
+- ASSERT(rc < n);
+- i -= n - rc;
+- n = rc;
++ ASSERT(rc <= n);
++ i -= rc;
++ n -= rc;
+ }
+ if ( rc >= 0 )
+ {
--- a/xen/common/grant_table.c
+++ b/xen/common/grant_table.c
@@ -2103,8 +2103,10 @@ __release_grant_for_copy(
diff --git a/main/xen/xsa235-4.9.patch b/main/xen/xsa235-4.9.patch
new file mode 100644
index 0000000000..25dd650755
--- /dev/null
+++ b/main/xen/xsa235-4.9.patch
@@ -0,0 +1,49 @@
+From: Jan Beulich <jbeulich@suse.com>
+Subject: arm/mm: release grant lock on xenmem_add_to_physmap_one() error paths
+
+Commit 55021ff9ab ("xen/arm: add_to_physmap_one: Avoid to map mfn 0 if
+an error occurs") introduced error paths not releasing the grant table
+lock. Replace them by a suitable check after the lock was dropped.
+
+This is XSA-235.
+
+Reported-by: Wei Liu <wei.liu2@citrix.com>
+Signed-off-by: Jan Beulich <jbeulich@suse.com>
+Reviewed-by: Julien Grall <julien.grall@arm.com>
+
+--- a/xen/arch/arm/mm.c
++++ b/xen/arch/arm/mm.c
+@@ -1164,7 +1164,7 @@ int xenmem_add_to_physmap_one(
+ if ( idx < nr_status_frames(d->grant_table) )
+ mfn = virt_to_mfn(d->grant_table->status[idx]);
+ else
+- return -EINVAL;
++ mfn = mfn_x(INVALID_MFN);
+ }
+ else
+ {
+@@ -1175,14 +1175,21 @@ int xenmem_add_to_physmap_one(
+ if ( idx < nr_grant_frames(d->grant_table) )
+ mfn = virt_to_mfn(d->grant_table->shared_raw[idx]);
+ else
+- return -EINVAL;
++ mfn = mfn_x(INVALID_MFN);
+ }
+
+- d->arch.grant_table_gfn[idx] = gfn;
++ if ( mfn != mfn_x(INVALID_MFN) )
++ {
++ d->arch.grant_table_gfn[idx] = gfn;
+
+- t = p2m_ram_rw;
++ t = p2m_ram_rw;
++ }
+
+ grant_write_unlock(d->grant_table);
++
++ if ( mfn == mfn_x(INVALID_MFN) )
++ return -EINVAL;
++
+ break;
+ case XENMAPSPACE_shared_info:
+ if ( idx != 0 )
--
2.14.1
---
Unsubscribe: alpine-aports+unsubscribe@lists.alpinelinux.org
Help: alpine-aports+help@lists.alpinelinux.org
---
---
main/xen/APKBUILD | 13 +++++++++----
main/xen/musl-support.patch | 10 ++++++++++
2 files changed, 19 insertions(+), 4 deletions(-)
diff --git a/main/xen/APKBUILD b/main/xen/APKBUILD
index f450aa810a..3dacbf1ea1 100644
--- a/main/xen/APKBUILD
+++ b/main/xen/APKBUILD
@@ -3,10 +3,10 @@
# Maintainer: William Pitcock <nenolod@dereferenced.org>
pkgname=xen
pkgver=4.9.0
-pkgrel=2
+pkgrel=3
pkgdesc="Xen hypervisor"
url="http://www.xen.org/"
-arch="x86_64 armhf"
+arch="x86_64 armhf aarch64"
license="GPL"
depends="bash iproute2 logrotate"
depends_dev="libressl-dev python2-dev e2fsprogs-dev gettext zlib-dev ncurses-dev
@@ -89,6 +89,9 @@ x86*)
arm*)
makedepends="$makedepends dtc-dev"
;;
+aarch64)
+ makedepends="$makedepends dtc-dev iasl"
+ ;;
esac
install=""
@@ -166,6 +169,7 @@ _seabios=/usr/share/seabios/bios-256k.bin
# Override wrong arch detection from xen-$pkgver/Config.mk.
case "$CARCH" in
armhf) export XEN_TARGET_ARCH="arm32";;
+aarch64) export XEN_TARGET_ARCH="arm64";;
esac
prepare() {
@@ -233,7 +237,8 @@ munge_cflags() {
unset LC_ALL
case "$CARCH" in
- armhf) export CFLAGS="-mcpu=cortex-a15";;
+ armhf) export CFLAGS="-mcpu=cortex-a15";;
+ aarch64) export CFLAGS="-mcpu=cortex-a53";;
esac
}
@@ -390,7 +395,7 @@ c3c46f232f0bd9f767b232af7e8ce910a6166b126bd5427bb8dc325aeb2c634b956de3fc225cab5a
1936ab39a1867957fa640eb81c4070214ca4856a2743ba7e49c0cd017917071a9680d015f002c57fa7b9600dbadd29dcea5887f50e6c133305df2669a7a933f3 qemu-xen_paths.patch
f095ea373f36381491ad36f0662fb4f53665031973721256b23166e596318581da7cbb0146d0beb2446729adfdb321e01468e377793f6563a67d68b8b0f7ffe3 hotplug-vif-vtrill.patch
5514d7697c87f7d54d64723d44446b9bd84f6c984e763bd21d4eeaf502bf0c5b765f7b2180f8ca496b3baf97e7efd600b1cc1fdd1284b6ecbffe9846190ca069 rombios-no-pie.patch
-a3197d9c2455983554610031702ea95dc31f1b375b8c1291207d33c9e6114c6928417b4c8138cb5356ee58d07846963143abba5f204ecaee49eab6f84ad5e4f5 musl-support.patch
+e635cf27ca022ca5bc829e089b5e9a3ce9e566d4701d06bc38a22e356de45a71bc33e170d6db333d4efe8389144419cc27834a2eee0bcae9118d4ca9aff64306 musl-support.patch
77b08e9655e091b0352e4630d520b54c6ca6d659d1d38fbb4b3bfc9ff3e66db433a2e194ead32bb10ff962c382d800a670e82b7a62835b238e294b22808290ea musl-hvmloader-fix-stdint.patch
8c3b57eab8641bcee3dbdc1937ea7874f77b9722a5a0aa3ddb8dff8cc0ced7e19703ef5d998621b3809bea7c16f3346cfa47610ec9ab014ad0de12651c94e5ff stdint_local.h
853467a2d055c5bfbdc7bdca175a334241be44a7c5ac3c0a84a4bc5463b5c070b66d37e2a557429ef860727a6b7350683af758cc2494d85b6be4d883143a2c0d elf_local.h
diff --git a/main/xen/musl-support.patch b/main/xen/musl-support.patch
index ead6e08d1e..ec9bd7722d 100644
--- a/main/xen/musl-support.patch
+++ b/main/xen/musl-support.patch
@@ -62,3 +62,13 @@
#include "atomicio.h"
#include "libvhd-journal.h"
+--- xen-4.9.0.orig/tools/libxl/libxl_arm_acpi.c
++++ xen-4.9.0/tools/libxl/libxl_arm_acpi.c
+@@ -37,7 +37,7 @@ typedef int64_t s64;
+ #define BITS_PER_LONG 32
+ #endif
+ #endif
+-#define ACPI_MACHINE_WIDTH __BITS_PER_LONG
++#define ACPI_MACHINE_WIDTH BITS_PER_LONG
+ #define COMPILER_DEPENDENT_INT64 int64_t
+ #define COMPILER_DEPENDENT_UINT64 uint64_t
--
2.14.1
---
Unsubscribe: alpine-aports+unsubscribe@lists.alpinelinux.org
Help: alpine-aports+help@lists.alpinelinux.org
---