rpms/xen/F-8 xen.spec, 1.198, 1.199 xen-pvfb-validate-fb.patch, 1.1, 1.2
Markus Armbruster (armbru)
fedora-extras-commits at redhat.com
Fri Jun 13 14:06:45 UTC 2008
Author: armbru
Update of /cvs/pkgs/rpms/xen/F-8
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv10184
Modified Files:
xen.spec xen-pvfb-validate-fb.patch
Log Message:
Correctly limit PVFB size (CVE-2008-1952)
Index: xen.spec
===================================================================
RCS file: /cvs/pkgs/rpms/xen/F-8/xen.spec,v
retrieving revision 1.198
retrieving revision 1.199
diff -u -r1.198 -r1.199
--- xen.spec 14 May 2008 15:49:30 -0000 1.198
+++ xen.spec 13 Jun 2008 14:05:56 -0000 1.199
@@ -3,7 +3,7 @@
Summary: Xen is a virtual machine monitor
Name: xen
Version: 3.1.2
-Release: 3%{?dist}
+Release: 4%{?dist}
Group: Development/Libraries
License: GPL
URL: http://www.cl.cam.ac.uk/Research/SRG/netos/xen/index.html
@@ -278,6 +278,9 @@
%{_libdir}/*.a
%changelog
+* Fri Jun 13 2008 Markus Armbruster <armbru at redhat.com> - 3.1.2-4.fc8
+- Correctly limit PVFB size (CVE-2008-1952)
+
* Wed May 14 2008 Markus Armbruster <armbru at redhat.com> - 3.1.2-3.fc8
- Disable QEMU image format auto-detection (CVE-2008-2004)
- Fix PVFB to validate frame buffer description (CVE-2008-1943, rhbz #443585)
xen-pvfb-validate-fb.patch:
Index: xen-pvfb-validate-fb.patch
===================================================================
RCS file: /cvs/pkgs/rpms/xen/F-8/xen-pvfb-validate-fb.patch,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- xen-pvfb-validate-fb.patch 14 May 2008 15:49:30 -0000 1.1
+++ xen-pvfb-validate-fb.patch 13 Jun 2008 14:05:56 -0000 1.2
@@ -9,7 +9,7 @@
diff -rup a/tools/ioemu/hw/oldxenfb.c b/tools/ioemu/hw/oldxenfb.c
--- a/tools/ioemu/hw/oldxenfb.c 2008-04-22 15:25:00.000000000 +0200
+++ b/tools/ioemu/hw/oldxenfb.c 2008-04-22 15:27:01.000000000 +0200
-@@ -339,6 +339,54 @@ static void oldxenfb_dev_fatal(struct xe
+@@ -339,6 +339,55 @@ static void oldxenfb_dev_fatal(struct xe
oldxenfb_switch_state(dev, XenbusStateClosing);
}
@@ -27,6 +27,7 @@
+ fprintf(stderr,
+ "FB: frontend fb size %zu limited to %zu\n",
+ fb_len, fb_len_lim);
++ fb_len = fb_len_lim;
+ }
+ if (depth != 8 && depth != 16 && depth != 24 && depth != 32) {
+ fprintf(stderr,
@@ -89,7 +90,7 @@
diff -rup a/tools/ioemu/hw/xenfb.c b/tools/ioemu/hw/xenfb.c
--- a/tools/ioemu/hw/xenfb.c 2008-04-22 15:25:00.000000000 +0200
+++ b/tools/ioemu/hw/xenfb.c 2008-04-22 15:26:27.000000000 +0200
-@@ -512,6 +510,54 @@ static void xenfb_dev_fatal(struct xenfb
+@@ -512,6 +510,55 @@ static void xenfb_dev_fatal(struct xenfb
xenfb_switch_state(dev, XenbusStateClosing);
}
@@ -107,6 +108,7 @@
+ fprintf(stderr,
+ "FB: frontend fb size %zu limited to %zu\n",
+ fb_len, fb_len_lim);
++ fb_len = fb_len_lim;
+ }
+ if (depth != 8 && depth != 16 && depth != 24 && depth != 32) {
+ fprintf(stderr,
More information about the scm-commits
mailing list