---
main/lxterminal/APKBUILD | 12 +++++++++---
main/lxterminal/CVE-2016-10369.patch | 26 ++++++++++++++++++++++++++
2 files changed, 35 insertions(+), 3 deletions(-)
create mode 100644 main/lxterminal/CVE-2016-10369.patch
diff --git a/main/lxterminal/APKBUILD b/main/lxterminal/APKBUILD
index 7f227a50ba..534d0bd007 100644
--- a/main/lxterminal/APKBUILD
+++ b/main/lxterminal/APKBUILD
@@ -2,7 +2,7 @@
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
pkgname=lxterminal
pkgver=0.3.0
-pkgrel=0
+pkgrel=1
pkgdesc="Desktop-independent VTE-based terminal emulator"
url="http://lxde.org/"
arch="all"
@@ -11,9 +11,14 @@ depends=""
makedepends="vte-dev"
install=""
subpackages="$pkgname-doc $pkgname-lang"
-source="https://downloads.sourceforge.net/lxde/$pkgname-$pkgver.tar.xz"
+source="https://downloads.sourceforge.net/lxde/$pkgname-$pkgver.tar.xz
+ CVE-2016-10369.patch"
builddir="$srcdir"/$pkgname-$pkgver
+# secfixes:
+# 0.3.0-r1:
+# - CVE-2016-10369
+
build() {
cd "$builddir"
./configure \
@@ -33,4 +38,5 @@ package() {
make DESTDIR="$pkgdir" install || return 1
}
-sha512sums="05eb6ef8904de9e34a4046ded67d3cece5a93a5b19d37d423f3bde67051a2f0a0e3195443669709a8b732d27246852353a2c9ba59026f9d71f8df6bb1152e37f lxterminal-0.3.0.tar.xz"
+sha512sums="05eb6ef8904de9e34a4046ded67d3cece5a93a5b19d37d423f3bde67051a2f0a0e3195443669709a8b732d27246852353a2c9ba59026f9d71f8df6bb1152e37f lxterminal-0.3.0.tar.xz
+e9fc3d612a8a59e4fb7cd5c339759a7450c8829caa3645e9c859e603a450a173a9215670598d696dc8830de1c78b4a62959bfdb166962cd869ae5a9ec8bab33d CVE-2016-10369.patch"
diff --git a/main/lxterminal/CVE-2016-10369.patch b/main/lxterminal/CVE-2016-10369.patch
new file mode 100644
index 0000000000..170ad884be
--- /dev/null
+++ b/main/lxterminal/CVE-2016-10369.patch
@@ -0,0 +1,26 @@
+From f99163c6ff8b2f57c5f37b1ce5d62cf7450d4648 Mon Sep 17 00:00:00 2001
+From: Yao Wei <mwei@lxde.org>
+Date: Mon, 8 May 2017 00:47:55 +0800
+Subject: [PATCH] fix: use g_get_user_runtime_dir for socket directory
+
+This bug is pointed out by stackexchange user that putting socket file in
+/tmp is a potential risk. Putting the socket dir in user directory could
+mitigate the risk.
+---
+ src/unixsocket.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/src/unixsocket.c b/src/unixsocket.c
+index 4c660ac..f88284c 100644
+--- a/src/unixsocket.c
++++ b/src/unixsocket.c
+@@ -140,7 +140,8 @@ gboolean lxterminal_socket_initialize(LXTermWindow * lxtermwin, gint argc, gchar
+ * This function returns TRUE if this process should keep running and FALSE if it should exit. */
+
+ /* Formulate the path for the Unix domain socket. */
+- gchar * socket_path = g_strdup_printf("/tmp/.lxterminal-socket%s-%s", gdk_display_get_name(gdk_display_get_default()), g_get_user_name());
++ gchar * socket_path = g_strdup_printf("%s/.lxterminal-socket-%s", g_get_user_runtime_dir(), gdk_display_get_name(gdk_display_get_default()));
++ printf("%s\n", socket_path);
+
+ /* Create socket. */
+ int fd = socket(PF_UNIX, SOCK_STREAM, 0);
--
2.13.3
---
Unsubscribe: alpine-aports+unsubscribe@lists.alpinelinux.org
Help: alpine-aports+help@lists.alpinelinux.org
---
fixes #7502
Security fixes for all applicable XSAs up to (and including) XSA-225
The kernel side of XSA-216 was fixed in 4.9.35
Included modified xattr_size_max.patch from main/qemu 2.8
---
main/xen/APKBUILD | 33 +++---
main/xen/musl-support.patch | 23 +----
main/xen/xenqemu-configure-ifunc.patch | 11 --
main/xen/xenqemu-xattr-size-max.patch | 13 +++
main/xen/xsa213-4.8.patch | 177 ---------------------------------
main/xen/xsa214.patch | 41 --------
6 files changed, 35 insertions(+), 263 deletions(-)
delete mode 100644 main/xen/xenqemu-configure-ifunc.patch
create mode 100644 main/xen/xenqemu-xattr-size-max.patch
delete mode 100644 main/xen/xsa213-4.8.patch
delete mode 100644 main/xen/xsa214.patch
diff --git a/main/xen/APKBUILD b/main/xen/APKBUILD
index e689037c2c..374292e7f6 100644
--- a/main/xen/APKBUILD
+++ b/main/xen/APKBUILD
@@ -2,8 +2,8 @@
# Contributor: Roger Pau Monne <roger.pau@entel.upc.edu>
# Maintainer: William Pitcock <nenolod@dereferenced.org>
pkgname=xen
-pkgver=4.8.1
-pkgrel=4
+pkgver=4.9.0
+pkgrel=0
pkgdesc="Xen hypervisor"
url="http://www.xen.org/"
arch="x86_64 armhf"
@@ -59,6 +59,20 @@ options="!strip"
# 4.8.1-r2:
# - CVE-2017-8903 XSA-213
# - CVE-2017-8904 XSA-214
+# 4.9.0-r0:
+# - CVE-2017-10911 XSA-216
+# - CVE-2017-10912 XSA-217
+# - CVE-2017-10913 XSA-218
+# - CVE-2017-10914 XSA-218
+# - CVE-2017-10915 XSA-219
+# - CVE-2017-10916 XSA-220
+# - CVE-2017-10917 XSA-221
+# - CVE-2017-10918 XSA-222
+# - CVE-2017-10919 XSA-223
+# - CVE-2017-10920 XSA-224
+# - CVE-2017-10921 XSA-224
+# - CVE-2017-10922 XSA-224
+# - CVE-2017-10923 XSA-225
case "$CARCH" in
x86*)
@@ -92,7 +106,7 @@ _TPMEMU_VERSION="0.7.4"
# grep ^IPXE_GIT_TAG tools/firmware/etherboot/Makefile
_IPXE_GIT_TAG=827dd1bfee67daa683935ce65316f7e0f057fe1c
-source="http://bits.xensource.com/oss-xen/release/$pkgver/$pkgname-$pkgver.tar.gz
+source="https://downloads.xenproject.org/release/$pkgname/$pkgver/$pkgname-$pkgver.tar.gz
http://xenbits.xen.org/xen-extfiles/gmp-$_GMP_VERSION.tar.bz2
http://xenbits.xen.org/xen-extfiles/grub-$_GRUB_VERSION.tar.gz
http://xenbits.xen.org/xen-extfiles/lwip-$_LWIP_VERSION.tar.gz
@@ -103,9 +117,6 @@ source="http://bits.xensource.com/oss-xen/release/$pkgver/$pkgname-$pkgver.tar.g
http://xenbits.xen.org/xen-extfiles/zlib-$_ZLIB_VERSION.tar.gz
http://xenbits.xen.org/xen-extfiles/ipxe-git-$_IPXE_GIT_TAG.tar.gz
- xsa213-4.8.patch
- xsa214.patch
-
qemu-coroutine-gthread.patch
qemu-xen_paths.patch
@@ -122,7 +133,7 @@ source="http://bits.xensource.com/oss-xen/release/$pkgver/$pkgname-$pkgver.tar.g
xenstore_client_transaction_fix.patch
- xenqemu-configure-ifunc.patch
+ xenqemu-xattr-size-max.patch
xenstored.initd
xenstored.confd
@@ -345,7 +356,7 @@ EOF
}
-sha512sums="9f535b4bb57d285dfb92c974d55513505cf485b2d7218fe8f6ed62768e2cee7f225b08adf6706590b2c0a04feca16e10915297c33b98e1b110f8ea7035f46c15 xen-4.8.1.tar.gz
+sha512sums="97f8075c49ef9ec0adbe95106c0cff4f9379578fd568777697565476c3fd948335d72ddcacf8be65fd9db219c0a35dcdc007f355f7e5874dd950fd4c0a0f966f xen-4.9.0.tar.gz
2e0b0fd23e6f10742a5517981e5171c6e88b0a93c83da701b296f5c0861d72c19782daab589a7eac3f9032152a0fc7eff7f5362db8fccc4859564a9aa82329cf gmp-4.3.2.tar.bz2
c2bc9ffc8583aeae71cee9ddcc4418969768d4e3764d47307da54f93981c0109fb07d84b061b3a3628bd00ba4d14a54742bc04848110eb3ae8ca25dbfbaabadb grub-0.97.tar.gz
1465b58279af1647f909450e394fe002ca165f0ff4a0254bfa9fe0e64316f50facdde2729d79a4e632565b4500cf4d6c74192ac0dd3bc9fe09129bbd67ba089d lwip-1.3.0.tar.gz
@@ -355,20 +366,18 @@ c2bc9ffc8583aeae71cee9ddcc4418969768d4e3764d47307da54f93981c0109fb07d84b061b3a36
4928b5b82f57645be9408362706ff2c4d9baa635b21b0d41b1c82930e8c60a759b1ea4fa74d7e6c7cae1b7692d006aa5cb72df0c3b88bf049779aa2b566f9d35 tpm_emulator-0.7.4.tar.gz
021b958fcd0d346c4ba761bcf0cc40f3522de6186cf5a0a6ea34a70504ce9622b1c2626fce40675bc8282cf5f5ade18473656abc38050f72f5d6480507a2106e zlib-1.2.3.tar.gz
82ba65e1c676d32b29c71e6395c9506cab952c8f8b03f692e2b50133be8f0c0146d0f22c223262d81a4df579986fde5abc6507869f4965be4846297ef7b4b890 ipxe-git-827dd1bfee67daa683935ce65316f7e0f057fe1c.tar.gz
-a3d0884cb2514c2b59a2715464600618cc41de0c59e0949e37d9544b1790dc43a6580b0d2bb2c7fcc15a518d9899660728b1d7ed961b74b37cabd99f7751c4f2 xsa213-4.8.patch
-ea12702e97b9417ea6c4120dbc7cf9c5e2b89f82b41cfd389069d3238891749474a5d3925d2dc571a7cc2aaf5e88af03ccc9af60046eaa39425b5af05f62fba0 xsa214.patch
c3c46f232f0bd9f767b232af7e8ce910a6166b126bd5427bb8dc325aeb2c634b956de3fc225cab5af72649070c8205cc8e1cab7689fc266c204f525086f1a562 qemu-coroutine-gthread.patch
1936ab39a1867957fa640eb81c4070214ca4856a2743ba7e49c0cd017917071a9680d015f002c57fa7b9600dbadd29dcea5887f50e6c133305df2669a7a933f3 qemu-xen_paths.patch
f095ea373f36381491ad36f0662fb4f53665031973721256b23166e596318581da7cbb0146d0beb2446729adfdb321e01468e377793f6563a67d68b8b0f7ffe3 hotplug-vif-vtrill.patch
5514d7697c87f7d54d64723d44446b9bd84f6c984e763bd21d4eeaf502bf0c5b765f7b2180f8ca496b3baf97e7efd600b1cc1fdd1284b6ecbffe9846190ca069 rombios-no-pie.patch
-15d8bfd94ef81b90bfa7480d482d7ff6a5a9dfe6769b3dd3e1d656a95523521e89b9e99f40f3edb457170df8bb5f921d1f720d566a70895882f8197ae0f3708d musl-support.patch
+a3197d9c2455983554610031702ea95dc31f1b375b8c1291207d33c9e6114c6928417b4c8138cb5356ee58d07846963143abba5f204ecaee49eab6f84ad5e4f5 musl-support.patch
77b08e9655e091b0352e4630d520b54c6ca6d659d1d38fbb4b3bfc9ff3e66db433a2e194ead32bb10ff962c382d800a670e82b7a62835b238e294b22808290ea musl-hvmloader-fix-stdint.patch
8c3b57eab8641bcee3dbdc1937ea7874f77b9722a5a0aa3ddb8dff8cc0ced7e19703ef5d998621b3809bea7c16f3346cfa47610ec9ab014ad0de12651c94e5ff stdint_local.h
853467a2d055c5bfbdc7bdca175a334241be44a7c5ac3c0a84a4bc5463b5c070b66d37e2a557429ef860727a6b7350683af758cc2494d85b6be4d883143a2c0d elf_local.h
79cb1b6b81b17cb87a064dfe3548949dfb80f64f203cac11ef327102b7a25794549ce2d9c019ebf05f752214da8e05065e9219d069e679c0ae5bee3d090c685e xen-hotplug-lockfd.patch
e76816c6ad0e91dc5f81947f266da3429b20e6d976c3e8c41202c6179532eec878a3f0913921ef3ac853c5dbad8082da3c9cd53b65081910516feb492577b7fc xen-fd-is-file.c
69dfa60628ca838678862383528654ecbdf4269cbb5c9cfb6b84d976202a8dea85d711aa65a52fa1b477fb0b30604ca70cf1337192d6fb9388a08bbe7fe56077 xenstore_client_transaction_fix.patch
-e0dd7069968d51574d6e5603d5738494b112bfda085bc75f10102658be3b2901d8d253c52927c707668e1cdb62d12c101213e42cd72d9b307fa83d1355a7526a xenqemu-configure-ifunc.patch
+2094ea964fa610b2bf72fd2c7ede7e954899a75c0f5b08030cf1d74460fb759ade84866176e32f8fe29c921dfdc6dafd2b31e23ab9b0a3874d3dceeabdd1913b xenqemu-xattr-size-max.patch
52c43beb2596d645934d0f909f2d21f7587b6898ed5e5e7046799a8ed6d58f7a09c5809e1634fa26152f3fd4f3e7cfa07da7076f01b4a20cc8f5df8b9cb77e50 xenstored.initd
093f7fbd43faf0a16a226486a0776bade5dc1681d281c5946a3191c32d74f9699c6bf5d0ab8de9d1195a2461165d1660788e92a3156c9b3c7054d7b2d52d7ff0 xenstored.confd
3c86ed48fbee0af4051c65c4a3893f131fa66e47bf083caf20c9b6aa4b63fdead8832f84a58d0e27964bc49ec8397251b34e5be5c212c139f556916dc8da9523 xenconsoled.initd
diff --git a/main/xen/musl-support.patch b/main/xen/musl-support.patch
index 67bc27f528..ead6e08d1e 100644
--- a/main/xen/musl-support.patch
+++ b/main/xen/musl-support.patch
@@ -38,7 +38,7 @@
/* child */
- r = login_tty(libxl__carefd_fd(bl->ptys[0].slave));
+ r = setup_console_tty(libxl__carefd_fd(bl->ptys[0].slave));
- if (r) { LOGE(ERROR, "login_tty failed"); exit(-1); }
+ if (r) { LOGED(ERROR, bl->domid, "login_tty failed"); exit(-1); }
libxl__exec(gc, -1, -1, -1, bl->args[0], (char **) bl->args, env);
exit(-1);
--- xen-4.3.1.orig/tools/firmware/hvmloader/acpi/acpi2_0.h
@@ -62,24 +62,3 @@
#include "atomicio.h"
#include "libvhd-journal.h"
---- xen-4.3.1.orig/tools/blktap2/include/atomicio.h
-+++ xen-4.3.1/tools/blktap2/include/atomicio.h
-@@ -25,6 +25,8 @@
- * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-+#include <sys/types.h>
-+
- /*
- * Ensure all of data on socket comes through. f==read || f==vwrite
- */
---- xen-4.3.1.orig/tools/blktap2/drivers/block-remus.c
-+++ xen-4.3.1/tools/blktap2/drivers/block-remus.c
-@@ -54,7 +54,6 @@
- #include <netinet/in.h>
- #include <arpa/inet.h>
- #include <sys/param.h>
--#include <sys/sysctl.h>
- #include <unistd.h>
- #include <sys/stat.h>
-
diff --git a/main/xen/xenqemu-configure-ifunc.patch b/main/xen/xenqemu-configure-ifunc.patch
deleted file mode 100644
index a201e141e6..0000000000
--- a/main/xen/xenqemu-configure-ifunc.patch
@@ -1,11 +0,0 @@
---- ./tools/qemu-xen/configure.orig
-+++ ./tools/qemu-xen/configure
-@@ -1805,7 +1805,7 @@
- EOF
- if compile_object "" ; then
- if has readelf; then
-- if readelf --syms $TMPO 2>/dev/null |grep -q "IFUNC.*foo"; then
-+ if readelf --syms $TMPO 2>/dev/null |grep -q "IFUNC.*foo" && ldd $TMPO >/dev/null 2>&1; then
- avx2_opt="yes"
- fi
- fi
diff --git a/main/xen/xenqemu-xattr-size-max.patch b/main/xen/xenqemu-xattr-size-max.patch
new file mode 100644
index 0000000000..b0c02cbdad
--- /dev/null
+++ b/main/xen/xenqemu-xattr-size-max.patch
@@ -0,0 +1,13 @@
+--- xen-4.9.0/tools/qemu-xen/hw/9pfs/9p.c.orig
++++ xen-4.9.0/tools/qemu-xen/hw/9pfs/9p.c
+@@ -25,6 +25,10 @@
+ #include "trace.h"
+ #include "migration/migration.h"
+
++#ifdef __linux__
++#include <linux/limits.h> /* for XATTR_SIZE_MAX */
++#endif
++
+ int open_fd_hw;
+ int total_open_fd;
+ static int open_fd_rc;
diff --git a/main/xen/xsa213-4.8.patch b/main/xen/xsa213-4.8.patch
deleted file mode 100644
index 2f9fa6ab11..0000000000
--- a/main/xen/xsa213-4.8.patch
@@ -1,177 +0,0 @@
-From: Jan Beulich <jbeulich@suse.com>
-Subject: multicall: deal with early exit conditions
-
-In particular changes to guest privilege level require the multicall
-sequence to be aborted, as hypercalls are permitted from kernel mode
-only. While likely not very useful in a multicall, also properly handle
-the return value in the HYPERVISOR_iret case (which should be the guest
-specified value).
-
-This is XSA-213.
-
-Reported-by: Jann Horn <jannh@google.com>
-Signed-off-by: Jan Beulich <jbeulich@suse.com>
-Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com>
-Acked-by: Julien Grall <julien.grall@arm.com>
-
---- a/xen/arch/arm/traps.c
-+++ b/xen/arch/arm/traps.c
-@@ -1550,7 +1550,7 @@ static bool_t check_multicall_32bit_clea
- return true;
- }
-
--void arch_do_multicall_call(struct mc_state *state)
-+enum mc_disposition arch_do_multicall_call(struct mc_state *state)
- {
- struct multicall_entry *multi = &state->call;
- arm_hypercall_fn_t call = NULL;
-@@ -1558,23 +1558,26 @@ void arch_do_multicall_call(struct mc_st
- if ( multi->op >= ARRAY_SIZE(arm_hypercall_table) )
- {
- multi->result = -ENOSYS;
-- return;
-+ return mc_continue;
- }
-
- call = arm_hypercall_table[multi->op].fn;
- if ( call == NULL )
- {
- multi->result = -ENOSYS;
-- return;
-+ return mc_continue;
- }
-
- if ( is_32bit_domain(current->domain) &&
- !check_multicall_32bit_clean(multi) )
-- return;
-+ return mc_continue;
-
- multi->result = call(multi->args[0], multi->args[1],
- multi->args[2], multi->args[3],
- multi->args[4]);
-+
-+ return likely(!psr_mode_is_user(guest_cpu_user_regs()))
-+ ? mc_continue : mc_preempt;
- }
-
- /*
---- a/xen/arch/x86/hypercall.c
-+++ b/xen/arch/x86/hypercall.c
-@@ -255,15 +255,19 @@ void pv_hypercall(struct cpu_user_regs *
- perfc_incr(hypercalls);
- }
-
--void arch_do_multicall_call(struct mc_state *state)
-+enum mc_disposition arch_do_multicall_call(struct mc_state *state)
- {
-- if ( !is_pv_32bit_vcpu(current) )
-+ struct vcpu *curr = current;
-+ unsigned long op;
-+
-+ if ( !is_pv_32bit_vcpu(curr) )
- {
- struct multicall_entry *call = &state->call;
-
-- if ( (call->op < ARRAY_SIZE(pv_hypercall_table)) &&
-- pv_hypercall_table[call->op].native )
-- call->result = pv_hypercall_table[call->op].native(
-+ op = call->op;
-+ if ( (op < ARRAY_SIZE(pv_hypercall_table)) &&
-+ pv_hypercall_table[op].native )
-+ call->result = pv_hypercall_table[op].native(
- call->args[0], call->args[1], call->args[2],
- call->args[3], call->args[4], call->args[5]);
- else
-@@ -274,15 +278,21 @@ void arch_do_multicall_call(struct mc_st
- {
- struct compat_multicall_entry *call = &state->compat_call;
-
-- if ( (call->op < ARRAY_SIZE(pv_hypercall_table)) &&
-- pv_hypercall_table[call->op].compat )
-- call->result = pv_hypercall_table[call->op].compat(
-+ op = call->op;
-+ if ( (op < ARRAY_SIZE(pv_hypercall_table)) &&
-+ pv_hypercall_table[op].compat )
-+ call->result = pv_hypercall_table[op].compat(
- call->args[0], call->args[1], call->args[2],
- call->args[3], call->args[4], call->args[5]);
- else
- call->result = -ENOSYS;
- }
- #endif
-+
-+ return unlikely(op == __HYPERVISOR_iret)
-+ ? mc_exit
-+ : likely(guest_kernel_mode(curr, guest_cpu_user_regs()))
-+ ? mc_continue : mc_preempt;
- }
-
- /*
---- a/xen/common/multicall.c
-+++ b/xen/common/multicall.c
-@@ -40,6 +40,7 @@ do_multicall(
- struct mc_state *mcs = ¤t->mc_state;
- uint32_t i;
- int rc = 0;
-+ enum mc_disposition disp = mc_continue;
-
- if ( unlikely(__test_and_set_bit(_MCSF_in_multicall, &mcs->flags)) )
- {
-@@ -50,7 +51,7 @@ do_multicall(
- if ( unlikely(!guest_handle_okay(call_list, nr_calls)) )
- rc = -EFAULT;
-
-- for ( i = 0; !rc && i < nr_calls; i++ )
-+ for ( i = 0; !rc && disp == mc_continue && i < nr_calls; i++ )
- {
- if ( i && hypercall_preempt_check() )
- goto preempted;
-@@ -63,7 +64,7 @@ do_multicall(
-
- trace_multicall_call(&mcs->call);
-
-- arch_do_multicall_call(mcs);
-+ disp = arch_do_multicall_call(mcs);
-
- #ifndef NDEBUG
- {
-@@ -77,7 +78,14 @@ do_multicall(
- }
- #endif
-
-- if ( unlikely(__copy_field_to_guest(call_list, &mcs->call, result)) )
-+ if ( unlikely(disp == mc_exit) )
-+ {
-+ if ( __copy_field_to_guest(call_list, &mcs->call, result) )
-+ /* nothing, best effort only */;
-+ rc = mcs->call.result;
-+ }
-+ else if ( unlikely(__copy_field_to_guest(call_list, &mcs->call,
-+ result)) )
- rc = -EFAULT;
- else if ( mcs->flags & MCSF_call_preempted )
- {
-@@ -93,6 +101,9 @@ do_multicall(
- guest_handle_add_offset(call_list, 1);
- }
-
-+ if ( unlikely(disp == mc_preempt) && i < nr_calls )
-+ goto preempted;
-+
- perfc_incr(calls_to_multicall);
- perfc_add(calls_from_multicall, i);
- mcs->flags = 0;
---- a/xen/include/xen/multicall.h
-+++ b/xen/include/xen/multicall.h
-@@ -24,6 +24,10 @@ struct mc_state {
- };
- };
-
--void arch_do_multicall_call(struct mc_state *mc);
-+enum mc_disposition {
-+ mc_continue,
-+ mc_exit,
-+ mc_preempt,
-+} arch_do_multicall_call(struct mc_state *mc);
-
- #endif /* __XEN_MULTICALL_H__ */
diff --git a/main/xen/xsa214.patch b/main/xen/xsa214.patch
deleted file mode 100644
index 46a3d3a4c6..0000000000
--- a/main/xen/xsa214.patch
@@ -1,41 +0,0 @@
-From: Jan Beulich <jbeulich@suse.com>
-Subject: x86: discard type information when stealing pages
-
-While a page having just a single general reference left necessarily
-has a zero type reference count too, its type may still be valid (and
-in validated state; at present this is only possible and relevant for
-PGT_seg_desc_page, as page tables have their type forcibly zapped when
-their type reference count drops to zero, and
-PGT_{writable,shared}_page pages don't require any validation). In
-such a case when the page is being re-used with the same type again,
-validation is being skipped. As validation criteria differ between
-32- and 64-bit guests, pages to be transferred between guests need to
-have their validation indicator zapped (and with it we zap all other
-type information at once).
-
-This is XSA-214.
-
-Reported-by: Jann Horn <jannh@google.com>
-Signed-off-by: Jan Beulich <jbeulich@suse.com>
-Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com>
-
---- a/xen/arch/x86/mm.c
-+++ b/xen/arch/x86/mm.c
-@@ -4466,6 +4466,17 @@ int steal_page(
- y = cmpxchg(&page->count_info, x, x & ~PGC_count_mask);
- } while ( y != x );
-
-+ /*
-+ * With the sole reference dropped temporarily, no-one can update type
-+ * information. Type count also needs to be zero in this case, but e.g.
-+ * PGT_seg_desc_page may still have PGT_validated set, which we need to
-+ * clear before transferring ownership (as validation criteria vary
-+ * depending on domain type).
-+ */
-+ BUG_ON(page->u.inuse.type_info & (PGT_count_mask | PGT_locked |
-+ PGT_pinned));
-+ page->u.inuse.type_info = 0;
-+
- /* Swizzle the owner then reinstate the PGC_allocated reference. */
- page_set_owner(page, NULL);
- y = page->count_info;
--
2.13.3
---
Unsubscribe: alpine-aports+unsubscribe@lists.alpinelinux.org
Help: alpine-aports+help@lists.alpinelinux.org
---