rpms/xen/F-8 xen.spec, 1.198, 1.199 xen-pvfb-validate-fb.patch, 1.1, 1.2

Markus Armbruster (armbru) fedora-extras-commits at redhat.com
Fri Jun 13 14:06:45 UTC 2008 

Author: armbru

Update of /cvs/pkgs/rpms/xen/F-8
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv10184

Modified Files:
	xen.spec xen-pvfb-validate-fb.patch 
Log Message:
Correctly limit PVFB size (CVE-2008-1952)


Index: xen.spec
===================================================================
RCS file: /cvs/pkgs/rpms/xen/F-8/xen.spec,v
retrieving revision 1.198
retrieving revision 1.199
diff -u -r1.198 -r1.199
--- xen.spec	14 May 2008 15:49:30 -0000	1.198
+++ xen.spec	13 Jun 2008 14:05:56 -0000	1.199
@@ -3,7 +3,7 @@
 Summary: Xen is a virtual machine monitor
 Name:    xen
 Version: 3.1.2
-Release: 3%{?dist}
+Release: 4%{?dist}
 Group:   Development/Libraries
 License: GPL
 URL:     http://www.cl.cam.ac.uk/Research/SRG/netos/xen/index.html
@@ -278,6 +278,9 @@
 %{_libdir}/*.a
 
 %changelog
+* Fri Jun 13 2008 Markus Armbruster <armbru at redhat.com> - 3.1.2-4.fc8
+- Correctly limit PVFB size (CVE-2008-1952)
+
 * Wed May 14 2008 Markus Armbruster <armbru at redhat.com> - 3.1.2-3.fc8
 - Disable QEMU image format auto-detection (CVE-2008-2004)
 - Fix PVFB to validate frame buffer description (CVE-2008-1943, rhbz #443585)

xen-pvfb-validate-fb.patch:

Index: xen-pvfb-validate-fb.patch
===================================================================
RCS file: /cvs/pkgs/rpms/xen/F-8/xen-pvfb-validate-fb.patch,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- xen-pvfb-validate-fb.patch	14 May 2008 15:49:30 -0000	1.1
+++ xen-pvfb-validate-fb.patch	13 Jun 2008 14:05:56 -0000	1.2
@@ -9,7 +9,7 @@
 diff -rup a/tools/ioemu/hw/oldxenfb.c b/tools/ioemu/hw/oldxenfb.c
 --- a/tools/ioemu/hw/oldxenfb.c	2008-04-22 15:25:00.000000000 +0200
 +++ b/tools/ioemu/hw/oldxenfb.c	2008-04-22 15:27:01.000000000 +0200
-@@ -339,6 +339,54 @@ static void oldxenfb_dev_fatal(struct xe
+@@ -339,6 +339,55 @@ static void oldxenfb_dev_fatal(struct xe
  	oldxenfb_switch_state(dev, XenbusStateClosing);
  }
  
@@ -27,6 +27,7 @@
 +		fprintf(stderr,
 +			"FB: frontend fb size %zu limited to %zu\n",
 +			fb_len, fb_len_lim);
++		fb_len = fb_len_lim;
 +	}
 +	if (depth != 8 && depth != 16 && depth != 24 && depth != 32) {
 +		fprintf(stderr,
@@ -89,7 +90,7 @@
 diff -rup a/tools/ioemu/hw/xenfb.c b/tools/ioemu/hw/xenfb.c
 --- a/tools/ioemu/hw/xenfb.c	2008-04-22 15:25:00.000000000 +0200
 +++ b/tools/ioemu/hw/xenfb.c	2008-04-22 15:26:27.000000000 +0200
-@@ -512,6 +510,54 @@ static void xenfb_dev_fatal(struct xenfb
+@@ -512,6 +510,55 @@ static void xenfb_dev_fatal(struct xenfb
  	xenfb_switch_state(dev, XenbusStateClosing);
  }
  
@@ -107,6 +108,7 @@
 +		fprintf(stderr,
 +			"FB: frontend fb size %zu limited to %zu\n",
 +			fb_len, fb_len_lim);
++		fb_len = fb_len_lim;
 +	}
 +	if (depth != 8 && depth != 16 && depth != 24 && depth != 32) {
 +		fprintf(stderr,

More information about the fedora-extras-commits mailing list