Patches for aports can be sent to this list

1

[alpine-aports] [PATCH 1/2] main/xen: security fixes (XSA-226 and XSA-235)

Daniel Sabogal
Details
Message ID
<20170904214853.11088-1-dsabogalcc@gmail.com>
Sender timestamp
1504561732
DKIM signature
missing
Download raw message
Patch: +70 -2
Update patch for XSA-226 (fixes a regression).
http://openwall.com/lists/oss-security/2017/08/29/2

Include fix for XSA-235.
---
 main/xen/APKBUILD         |  8 ++++++--
 main/xen/xsa226-1.patch   | 15 +++++++++++++++
 main/xen/xsa235-4.9.patch | 49 +++++++++++++++++++++++++++++++++++++++++++++++
 3 files changed, 70 insertions(+), 2 deletions(-)
 create mode 100644 main/xen/xsa235-4.9.patch

diff --git a/main/xen/APKBUILD b/main/xen/APKBUILD
index 1274b35f4a..f450aa810a 100644
--- a/main/xen/APKBUILD
+++ b/main/xen/APKBUILD
@@ -3,7 +3,7 @@
 # Maintainer: William Pitcock <nenolod@dereferenced.org>
 pkgname=xen
 pkgver=4.9.0
-pkgrel=1
+pkgrel=2
 pkgdesc="Xen hypervisor"
 url="http://www.xen.org/"
 arch="x86_64 armhf"
@@ -78,6 +78,8 @@ options="!strip"
 #     - CVE-2017-12137 XSA-227
 #     - CVE-2017-12136 XSA-228
 #     - CVE-2017-12855 XSA-230
+#   4.9.0-r2:
+#     - XSA-235
 
 case "$CARCH" in
 x86*)
@@ -127,6 +129,7 @@ source="https://downloads.xenproject.org/release/$pkgname/$pkgver/$pkgname-$pkgv
 	xsa227.patch
 	xsa228.patch
 	xsa230.patch
+	xsa235-4.9.patch
 
 	qemu-coroutine-gthread.patch
 	qemu-xen_paths.patch
@@ -377,11 +380,12 @@ c2bc9ffc8583aeae71cee9ddcc4418969768d4e3764d47307da54f93981c0109fb07d84b061b3a36
 4928b5b82f57645be9408362706ff2c4d9baa635b21b0d41b1c82930e8c60a759b1ea4fa74d7e6c7cae1b7692d006aa5cb72df0c3b88bf049779aa2b566f9d35  tpm_emulator-0.7.4.tar.gz
 021b958fcd0d346c4ba761bcf0cc40f3522de6186cf5a0a6ea34a70504ce9622b1c2626fce40675bc8282cf5f5ade18473656abc38050f72f5d6480507a2106e  zlib-1.2.3.tar.gz
 82ba65e1c676d32b29c71e6395c9506cab952c8f8b03f692e2b50133be8f0c0146d0f22c223262d81a4df579986fde5abc6507869f4965be4846297ef7b4b890  ipxe-git-827dd1bfee67daa683935ce65316f7e0f057fe1c.tar.gz
-e934ba5be6a526d164cb4c8bb71a679f2fedeaddb82d8f5ebbbbe3cbfaa6dd639c4e94662c6b7a9d066195f2a59e8d14dc3ee55dc94c09b4475d455d881b2741  xsa226-1.patch
+45fed43bbdcf63fc3ded0a2629e27a5d58306a244dba2e005cf8814aa50cde962c41e5e72075a1d678eb9c18af17e1cbf078884214fd29df0ad551977c9880c2  xsa226-1.patch
 4d1e729c592efefd705233b49484991801606b2122a64ff14abbf994bb3e77ec75c4989d43753ce2043cc4fe13d34fb1cef7ee1adb291ff16625bb3b125e5508  xsa226-2.patch
 7d66494e833d46f8a213af0f2b107a12617d5e8b45c3b07daee229c75bd6aad98284bc0e19f15706d044b58273cc7f0c193ef8553faa22fadeae349689e763c8  xsa227.patch
 d406f14531af707325790909d08ce299ac2f2cb4b87f9a8ddb0fba10bd83bed84cc1633e07632cc2f841c50bc1a9af6240c89539a2e6ba6028cb127e218f86fc  xsa228.patch
 df174a1675f74b73e78bc3cb1c9f16536199dfd1922c0cc545a807e92bc24941a816891838258e118f477109548487251a7eaccb2d1dd9b6994c8c76fc5b058f  xsa230.patch
+8bab6e59577b51f0c6b8a547c9a37a257bd0460e7219512e899d25f80a74084745d2a4c54e55ad12526663d40f218cb8f833b71350220d36e3750d002ff43d29  xsa235-4.9.patch
 c3c46f232f0bd9f767b232af7e8ce910a6166b126bd5427bb8dc325aeb2c634b956de3fc225cab5af72649070c8205cc8e1cab7689fc266c204f525086f1a562  qemu-coroutine-gthread.patch
 1936ab39a1867957fa640eb81c4070214ca4856a2743ba7e49c0cd017917071a9680d015f002c57fa7b9600dbadd29dcea5887f50e6c133305df2669a7a933f3  qemu-xen_paths.patch
 f095ea373f36381491ad36f0662fb4f53665031973721256b23166e596318581da7cbb0146d0beb2446729adfdb321e01468e377793f6563a67d68b8b0f7ffe3  hotplug-vif-vtrill.patch
diff --git a/main/xen/xsa226-1.patch b/main/xen/xsa226-1.patch
index 7711d3f888..d60bbe2db1 100644
--- a/main/xen/xsa226-1.patch
+++ b/main/xen/xsa226-1.patch
@@ -16,6 +16,21 @@ This is part of CVE-2017-12135 / XSA-226.
 
 Signed-off-by: Jan Beulich <jbeulich@suse.com>
 
+--- a/xen/common/compat/grant_table.c
+@@ -258,9 +258,9 @@ int compat_grant_table_op(unsigned int cmd,
+                 rc = gnttab_copy(guest_handle_cast(nat.uop, gnttab_copy_t), n);
+             if ( rc > 0 )
+             {
+-                ASSERT(rc < n);
+-                i -= n - rc;
+-                n = rc;
++                ASSERT(rc <= n);
++                i -= rc;
++                n -= rc;
+             }
+             if ( rc >= 0 )
+             {
 --- a/xen/common/grant_table.c
 +++ b/xen/common/grant_table.c
 @@ -2103,8 +2103,10 @@ __release_grant_for_copy(
diff --git a/main/xen/xsa235-4.9.patch b/main/xen/xsa235-4.9.patch
new file mode 100644
index 0000000000..25dd650755
--- /dev/null
+++ b/main/xen/xsa235-4.9.patch
@@ -0,0 +1,49 @@
+From: Jan Beulich <jbeulich@suse.com>
+Subject: arm/mm: release grant lock on xenmem_add_to_physmap_one() error paths
+
+Commit 55021ff9ab ("xen/arm: add_to_physmap_one: Avoid to map mfn 0 if
+an error occurs") introduced error paths not releasing the grant table
+lock. Replace them by a suitable check after the lock was dropped.
+
+This is XSA-235.
+
+Reported-by: Wei Liu <wei.liu2@citrix.com>
+Signed-off-by: Jan Beulich <jbeulich@suse.com>
+Reviewed-by: Julien Grall <julien.grall@arm.com>
+
+--- a/xen/arch/arm/mm.c
+@@ -1164,7 +1164,7 @@ int xenmem_add_to_physmap_one(
+             if ( idx < nr_status_frames(d->grant_table) )
+                 mfn = virt_to_mfn(d->grant_table->status[idx]);
+             else
+-                return -EINVAL;
++                mfn = mfn_x(INVALID_MFN);
+         }
+         else
+         {
+@@ -1175,14 +1175,21 @@ int xenmem_add_to_physmap_one(
+             if ( idx < nr_grant_frames(d->grant_table) )
+                 mfn = virt_to_mfn(d->grant_table->shared_raw[idx]);
+             else
+-                return -EINVAL;
++                mfn = mfn_x(INVALID_MFN);
+         }
+ 
+-        d->arch.grant_table_gfn[idx] = gfn;
++        if ( mfn != mfn_x(INVALID_MFN) )
++        {
++            d->arch.grant_table_gfn[idx] = gfn;
+ 
+-        t = p2m_ram_rw;
++            t = p2m_ram_rw;
++        }
+ 
+         grant_write_unlock(d->grant_table);
++
++        if ( mfn == mfn_x(INVALID_MFN) )
++            return -EINVAL;
++
+         break;
+     case XENMAPSPACE_shared_info:
+         if ( idx != 0 )
-- 
2.14.1



---
Unsubscribe:  alpine-aports+unsubscribe@lists.alpinelinux.org
Help:         alpine-aports+help@lists.alpinelinux.org
---

[alpine-aports] [PATCH 2/2] main/xen: enable on aarch64

Daniel Sabogal
Details
Message ID
<20170904214853.11088-2-dsabogalcc@gmail.com>
In-Reply-To
<20170904214853.11088-1-dsabogalcc@gmail.com> (view parent)
Sender timestamp
1504561733
DKIM signature
missing
Download raw message
Patch: +19 -4
---
 main/xen/APKBUILD           | 13 +++++++++----
 main/xen/musl-support.patch | 10 ++++++++++
 2 files changed, 19 insertions(+), 4 deletions(-)

diff --git a/main/xen/APKBUILD b/main/xen/APKBUILD
index f450aa810a..3dacbf1ea1 100644
--- a/main/xen/APKBUILD
+++ b/main/xen/APKBUILD
@@ -3,10 +3,10 @@
 # Maintainer: William Pitcock <nenolod@dereferenced.org>
 pkgname=xen
 pkgver=4.9.0
-pkgrel=2
+pkgrel=3
 pkgdesc="Xen hypervisor"
 url="http://www.xen.org/"
-arch="x86_64 armhf"
+arch="x86_64 armhf aarch64"
 license="GPL"
 depends="bash iproute2 logrotate"
 depends_dev="libressl-dev python2-dev e2fsprogs-dev gettext zlib-dev ncurses-dev
@@ -89,6 +89,9 @@ x86*)
 arm*)
 	makedepends="$makedepends dtc-dev"
 	;;
+aarch64)
+	makedepends="$makedepends dtc-dev iasl"
+	;;
 esac
 
 install=""
@@ -166,6 +169,7 @@ _seabios=/usr/share/seabios/bios-256k.bin
 # Override wrong arch detection from xen-$pkgver/Config.mk.
 case "$CARCH" in
 armhf) export XEN_TARGET_ARCH="arm32";;
+aarch64) export XEN_TARGET_ARCH="arm64";;
 esac
 
 prepare() {
@@ -233,7 +237,8 @@ munge_cflags() {
 	unset LC_ALL
 
 	case "$CARCH" in
-	armhf)	export CFLAGS="-mcpu=cortex-a15";;
+	armhf) export CFLAGS="-mcpu=cortex-a15";;
+	aarch64) export CFLAGS="-mcpu=cortex-a53";;
 	esac
 }
 
@@ -390,7 +395,7 @@ c3c46f232f0bd9f767b232af7e8ce910a6166b126bd5427bb8dc325aeb2c634b956de3fc225cab5a
 1936ab39a1867957fa640eb81c4070214ca4856a2743ba7e49c0cd017917071a9680d015f002c57fa7b9600dbadd29dcea5887f50e6c133305df2669a7a933f3  qemu-xen_paths.patch
 f095ea373f36381491ad36f0662fb4f53665031973721256b23166e596318581da7cbb0146d0beb2446729adfdb321e01468e377793f6563a67d68b8b0f7ffe3  hotplug-vif-vtrill.patch
 5514d7697c87f7d54d64723d44446b9bd84f6c984e763bd21d4eeaf502bf0c5b765f7b2180f8ca496b3baf97e7efd600b1cc1fdd1284b6ecbffe9846190ca069  rombios-no-pie.patch
-a3197d9c2455983554610031702ea95dc31f1b375b8c1291207d33c9e6114c6928417b4c8138cb5356ee58d07846963143abba5f204ecaee49eab6f84ad5e4f5  musl-support.patch
+e635cf27ca022ca5bc829e089b5e9a3ce9e566d4701d06bc38a22e356de45a71bc33e170d6db333d4efe8389144419cc27834a2eee0bcae9118d4ca9aff64306  musl-support.patch
 77b08e9655e091b0352e4630d520b54c6ca6d659d1d38fbb4b3bfc9ff3e66db433a2e194ead32bb10ff962c382d800a670e82b7a62835b238e294b22808290ea  musl-hvmloader-fix-stdint.patch
 8c3b57eab8641bcee3dbdc1937ea7874f77b9722a5a0aa3ddb8dff8cc0ced7e19703ef5d998621b3809bea7c16f3346cfa47610ec9ab014ad0de12651c94e5ff  stdint_local.h
 853467a2d055c5bfbdc7bdca175a334241be44a7c5ac3c0a84a4bc5463b5c070b66d37e2a557429ef860727a6b7350683af758cc2494d85b6be4d883143a2c0d  elf_local.h
diff --git a/main/xen/musl-support.patch b/main/xen/musl-support.patch
index ead6e08d1e..ec9bd7722d 100644
--- a/main/xen/musl-support.patch
+++ b/main/xen/musl-support.patch
@@ -62,3 +62,13 @@
  
  #include "atomicio.h"
  #include "libvhd-journal.h"
+--- xen-4.9.0.orig/tools/libxl/libxl_arm_acpi.c
+@@ -37,7 +37,7 @@ typedef int64_t s64;
+ #define BITS_PER_LONG 32
+ #endif
+ #endif
+-#define ACPI_MACHINE_WIDTH __BITS_PER_LONG
++#define ACPI_MACHINE_WIDTH BITS_PER_LONG
+ #define COMPILER_DEPENDENT_INT64 int64_t
+ #define COMPILER_DEPENDENT_UINT64 uint64_t
-- 
2.14.1



---
Unsubscribe:  alpine-aports+unsubscribe@lists.alpinelinux.org
Help:         alpine-aports+help@lists.alpinelinux.org
---