X-Original-To: alpine-devel@lists.alpinelinux.org
Delivered-To: alpine-devel@mail.alpinelinux.org
Received: from SMTP.EU.CITRIX.COM (smtp.eu.citrix.com [46.33.159.39])
	(using TLSv1 with cipher RC4-SHA (128/128 bits))
	(No client certificate requested)
	by mail.alpinelinux.org (Postfix) with ESMTPS id 33503DC0182
	for <alpine-devel@lists.alpinelinux.org>; Fri, 11 Jan 2013 17:51:01 +0000 (UTC)
X-IronPort-AV: E=Sophos;i="4.84,453,1355097600"; 
   d="scan'208";a="607851"
Received: from lonpmailmx01.citrite.net ([10.30.203.162])
  by LONPIPO01.EU.CITRIX.COM with ESMTP/TLS/RC4-MD5; 11 Jan 2013 17:50:46 +0000
Received: from localhost.localdomain (10.30.249.242) by
 LONPMAILMX01.citrite.net (10.30.203.162) with Microsoft SMTP Server id
 8.3.279.5; Fri, 11 Jan 2013 17:50:46 +0000
From: Roger Pau Monne <roger.pau@citrix.com>
To: <alpine-devel@lists.alpinelinux.org>
CC: Roger Pau Monne <roger.pau@citrix.com>
Subject: [alpine-devel] [PATCH] xen: add XSA-33 patch
Date: Fri, 11 Jan 2013 18:48:35 +0100
Message-ID: <1357926515-35787-1-git-send-email-roger.pau@citrix.com>
X-Mailer: git-send-email 1.7.7.5 (Apple Git-26)
X-Mailinglist: alpine-devel
Precedence: list
List-Id: Alpine Development <alpine-devel.lists.alpinelinux.org>
List-Unsubscribe: 
	<mailto:alpine-devel+unsubscribe@lists.alpinelinux.org?subject=unsubscribe>
List-Post: <mailto:alpine-devel@lists.alpinelinux.org>
List-Help: <mailto:alpine-devel+help@lists.alpinelinux.org?subject=help>
List-Subscribe: 
	<mailto:alpine-devel+subscribe@lists.alpinelinux.org?subject=subscribe>
MIME-Version: 1.0
Content-Type: text/plain

---
 main/xen/APKBUILD                 |    4 +++-
 main/xen/xsa33-4.2-unstable.patch |   21 +++++++++++++++++++++
 2 files changed, 24 insertions(+), 1 deletions(-)
 create mode 100644 main/xen/xsa33-4.2-unstable.patch

diff --git a/main/xen/APKBUILD b/main/xen/APKBUILD
index c57933e..681a9d4 100644
--- a/main/xen/APKBUILD
+++ b/main/xen/APKBUILD
@@ -3,7 +3,7 @@
 # Maintainer: William Pitcock <nenolod@dereferenced.org>
 pkgname=xen
 pkgver=4.2.1
-pkgrel=1
+pkgrel=2
 pkgdesc="Xen hypervisor"
 url="http://www.xen.org/"
 arch="x86 x86_64"
@@ -18,6 +18,7 @@ source="http://bits.xensource.com/oss-xen/release/$pkgver/$pkgname-$pkgver.tar.g
 	qemu_uclibc_configure.patch
 	librt.patch
 	qemu-xen_paths.patch
+	xsa33-4.2-unstable.patch
 
 	xenstored.initd
 	xenstored.confd
@@ -133,6 +134,7 @@ md5sums="0d48cbe1767b82aba12517898d4e0408  xen-4.2.1.tar.gz
 506e7ab6f9482dc95f230978d340bcd9  qemu_uclibc_configure.patch
 2dc5ddf47c53ea168729975046c3c1f9  librt.patch
 1ccde6b36a6f9542a16d998204dc9a22  qemu-xen_paths.patch
+8aa341b27fac3f93a99113c72671c864  xsa33-4.2-unstable.patch
 95d8af17bf844d41a015ff32aae51ba1  xenstored.initd
 b017ccdd5e1c27bbf1513e3569d4ff07  xenstored.confd
 ed262f15fb880badb53575539468646c  xenconsoled.initd
diff --git a/main/xen/xsa33-4.2-unstable.patch b/main/xen/xsa33-4.2-unstable.patch
new file mode 100644
index 0000000..369d65b
--- /dev/null
+++ b/main/xen/xsa33-4.2-unstable.patch
@@ -0,0 +1,21 @@
+VT-d: fix interrupt remapping source validation for devices behind
+legacy bridges
+
+Using SVT_VERIFY_BUS here doesn't make sense; native Linux also
+uses SVT_VERIFY_SID_SQ here instead.
+
+This is XSA-33 / CVE-2012-5634.
+
+Signed-off-by: Jan Beulich <jbeulich@suse.com>
+
+--- a/xen/drivers/passthrough/vtd/intremap.c
++++ b/xen/drivers/passthrough/vtd/intremap.c
+@@ -466,7 +466,7 @@ static void set_msi_source_id(struct pci_dev *pdev, struct iremap_entry *ire)
+                 set_ire_sid(ire, SVT_VERIFY_BUS, SQ_ALL_16,
+                             (bus << 8) | pdev->bus);
+             else if ( pdev_type(seg, bus, devfn) == DEV_TYPE_LEGACY_PCI_BRIDGE )
+-                set_ire_sid(ire, SVT_VERIFY_BUS, SQ_ALL_16,
++                set_ire_sid(ire, SVT_VERIFY_SID_SQ, SQ_ALL_16,
+                             PCI_BDF2(bus, devfn));
+         }
+         break;
-- 
1.7.7.5 (Apple Git-26)



---
Unsubscribe:  alpine-devel+unsubscribe@lists.alpinelinux.org
Help:         alpine-devel+help@lists.alpinelinux.org
---