
[alpine-aports] [PATCH] main/e2fsprogs: upgrade to 1.43.7

Daniel Sabogal <dsabogalcc@gmail.com>
Details
Message ID
<20171024191731.13890-1-dsabogalcc@gmail.com>
Sender timestamp
1508872650
DKIM signature
missing
Patch: +2 -3
---
 main/e2fsprogs/APKBUILD | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/main/e2fsprogs/APKBUILD b/main/e2fsprogs/APKBUILD
index a8d1083f1a..db30601d49 100644
--- a/main/e2fsprogs/APKBUILD
+++ b/main/e2fsprogs/APKBUILD
@@ -1,7 +1,7 @@
# Contributor: Valery Kartel <valery.kartel@gmail.com>
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
pkgname=e2fsprogs
pkgver=1.43.6
pkgver=1.43.7
pkgrel=0
pkgdesc="Standard Ext2/3/4 filesystem utilities"
url="http://e2fsprogs.sourceforge.net"
@@ -29,7 +29,6 @@ build () {
		--disable-libblkid \
		--disable-tls \
		--disable-nls

	make
}

@@ -66,4 +65,4 @@ extra() {
	mv "$pkgdir"/usr "$subpkgdir"/
}

sha512sums="a9d825e756f93c4b5ac2a6fae08eb27277c550c9c64ba5d86f64a06be9b5389f0b6b6dea247eb680f9881169fcdfa738bee619a55e2af286635269496255a53a  e2fsprogs-1.43.6.tar.xz"
sha512sums="2ef270364d3cea620db3c3b9932849d0ff5b49d4a9a9b24f0d1ac36888199bd67432edc5f939d9f697ee0342b71a063e1ad4ce8119528a7adab7a777c1de57ba  e2fsprogs-1.43.7.tar.xz"
-- 
2.14.2




[alpine-aports] [PATCH] main/xen: security fix for xsa236 (CVE-2017-15597)

Daniel Sabogal <dsabogalcc@gmail.com>
Details
Message ID
<20171024191731.13890-2-dsabogalcc@gmail.com>
In-Reply-To
<20171024191731.13890-1-dsabogalcc@gmail.com> (view parent)
Sender timestamp
1508872651
DKIM signature
missing
Patch: +71 -1
---
 main/xen/APKBUILD         |  6 ++++-
 main/xen/xsa236-4.9.patch | 66 +++++++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 71 insertions(+), 1 deletion(-)
 create mode 100644 main/xen/xsa236-4.9.patch

diff --git a/main/xen/APKBUILD b/main/xen/APKBUILD
index aefd35f76d..55fdf988ca 100644
--- a/main/xen/APKBUILD
+++ b/main/xen/APKBUILD
@@ -3,7 +3,7 @@
# Maintainer: William Pitcock <nenolod@dereferenced.org>
pkgname=xen
pkgver=4.9.0
pkgrel=6
pkgrel=7
pkgdesc="Xen hypervisor"
url="http://www.xen.org/"
arch="x86_64 armhf aarch64"
@@ -96,6 +96,8 @@ options="!strip"
#     - CVE-2017-15593 XSA-242
#     - CVE-2017-15592 XSA-243
#     - CVE-2017-15594 XSA-244
#   4.9.0-r7:
#     - CVE-2017-15597 XSA-236

case "$CARCH" in
x86*)
@@ -153,6 +155,7 @@ source="https://downloads.xenproject.org/release/$pkgname/$pkgver/$pkgname-$pkgv
	xsa233.patch
	xsa234-4.9.patch
	xsa235-4.9.patch
	xsa236-4.9.patch
	xsa237-1.patch
	xsa237-2.patch
	xsa237-3.patch
@@ -430,6 +433,7 @@ fb742225a4f3dbf2a574c4a6e3ef61a5da0c91aaeed77a2247023bdefcd4e0b6c08f1c9ffb42eaac
a322ac6c5ac2f858a59096108032fd42974eaaeeebd8f4966119149665f32bed281e333e743136e79add2e6f3844d88b6a3e4d5a685c2808702fd3a9e6396cd4  xsa233.patch
cafeef137cd82cefc3e974b42b974c6562e822c9b359efb654ac374e663d9fc123be210eec17b278f40eabb77c93d3bf0ff03e445607159ad0712808a609a906  xsa234-4.9.patch
8bab6e59577b51f0c6b8a547c9a37a257bd0460e7219512e899d25f80a74084745d2a4c54e55ad12526663d40f218cb8f833b71350220d36e3750d002ff43d29  xsa235-4.9.patch
a951c3d29a6b05b42021bd49419becff51123a245256659240a3af5701bbf51e7d3c1a79835a7cc9a5fdf7c1c6aa330a35a586cb56d69d847c256642f0fc8e55  xsa236-4.9.patch
a447b4f0a5379da46b5f0eb5b77eab07c3cfe8d303af6e116e03c7d88a9fc9ea154043165631d29248c07516ab8fdfd5de4da1ccf0ab7358d90fb7f9c87bf221  xsa237-1.patch
10f2d84f783fb8bae5a39c463a32f4ac5d4d2614a7eecf109dcccd5418b8ec5e523691e79b3578d9c7b113f368a94d360acb9534808c440852a91c36369f88fd  xsa237-2.patch
50607fca2e02eed322927e0288c77e7a6c541794fa2c70c78ada0c2fa762b5ad0f3b5108ecb9f01d8826f89dab492d56c502236c70234e6ba741e94a39356ea3  xsa237-3.patch
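Review bot: The `xsa236-4.9.patch` entry added to `sha512sums` in the last hunk is computed over a file that this same commit introduces, so it only catches later drift inside the tree and gives no assurance about where the patch came from. The committed file should be compared against the copy attached to the upstream XSA-236 advisory before merging (Xen advisories normally publish checksums for their attachments). The result is worth recording in the commit message, for example `xsa236-4.9.patch taken unmodified from the XSA-236 advisory`. The `source=` and `sha512sums=` assignments both start and end outside the visible hunks.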
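diff --git a/main/xen/xsa236-4.9.patch b/main/xen/xsa236-4.9.patch
new file mode 100644
index 0000000000..203025dbae
--- /dev/null
+++ b/main/xen/xsa236-4.9.patch
@@ -0,0 +1,66 @@
+From: Jan Beulich <jbeulich@suse.com>
+Subject: gnttab: fix pin count / page reference race
+
+Dropping page references before decrementing pin counts is a bad idea
+if assumptions are being made that a non-zero pin count implies a valid
+page. Fix the order of operations in gnttab_copy_release_buf(), but at
+the same time also remove the assertion that was found to trigger:
+map_grant_ref() also has the potential of causing a race here, and
+changing the order of operations there would likely be quite a bit more
+involved.
+
+This is XSA-236.
+
+Reported-by: Pawel Wieczorkiewicz <wipawel@amazon.de>
+Signed-off-by: Jan Beulich <jbeulich@suse.com>
+Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com>
+
+--- a/xen/common/grant_table.c
++++ b/xen/common/grant_table.c
+@@ -2330,9 +2330,20 @@ __acquire_grant_for_copy(
+         td = page_get_owner_and_reference(*page);
+         /*
+          * act->pin being non-zero should guarantee the page to have a
+-         * non-zero refcount and hence a valid owner.
++         * non-zero refcount and hence a valid owner (matching the one on
++         * record), with one exception: If the owning domain is dying we
++         * had better not make implications from pin count (map_grant_ref()
++         * updates pin counts before obtaining page references, for
++         * example).
+          */
+-        ASSERT(td);
++        if ( td != rd || rd->is_dying )
++        {
++            if ( td )
++                put_page(*page);
++            *page = NULL;
++            rc = GNTST_bad_domain;
++            goto unlock_out_clear;
++        }
+     }
+ 
+     act->pin += readonly ? GNTPIN_hstr_inc : GNTPIN_hstw_inc;
+@@ -2451,6 +2462,11 @@ static void gnttab_copy_release_buf(stru
+         unmap_domain_page(buf->virt);
+         buf->virt = NULL;
+     }
++    if ( buf->have_grant )
++    {
++        __release_grant_for_copy(buf->domain, buf->ptr.u.ref, buf->read_only);
++        buf->have_grant = 0;
++    }
+     if ( buf->have_type )
+     {
+         put_page_type(buf->page);
+@@ -2461,11 +2477,6 @@ static void gnttab_copy_release_buf(stru
+         put_page(buf->page);
+         buf->page = NULL;
+     }
+-    if ( buf->have_grant )
+-    {
+-        __release_grant_for_copy(buf->domain, buf->ptr.u.ref, buf->read_only);
+-        buf->have_grant = 0;
+-    }
+ }
+ 
+ static int gnttab_copy_claim_buf(const struct gnttab_copy *op,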
-- 
2.14.2


