rpms/xen/devel xen.spec, 1.215, 1.216 xen-pvfb-validate-fb.patch, 1.1, 1.2

[Markus Armbruster (armbru)]

Author: armbru

Update of /cvs/pkgs/rpms/xen/devel
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv11166

Modified Files:
	xen.spec xen-pvfb-validate-fb.patch 
Log Message:
Correctly limit PVFB size (CVE-2008-1952)


Index: xen.spec
===================================================================
RCS file: /cvs/pkgs/rpms/xen/devel/xen.spec,v
retrieving revision 1.215
retrieving revision 1.216
diff -u -r1.215 -r1.216
--- xen.spec	3 Jun 2008 15:46:51 -0000	1.215
+++ xen.spec	13 Jun 2008 14:26:37 -0000	1.216
@@ -2,7 +2,7 @@
 
 # Always set these 3 tags
 %define base_version 3.2.0
-%define base_release 12
+%define base_release 13
 
 # Hypervisor ABI
 %define hv_abi  3.2
@@ -464,6 +464,9 @@
 %{_libdir}/*.a
 
 %changelog
+* Fri Jun 13 2008 Markus Armbruster <armbru at redhat.com> - 3.2.0-13.fc10
+- Correctly limit PVFB size (CVE-2008-1952)
+
 * Tue Jun  3 2008 Daniel P. Berrange <berrange at redhat.com> - 3.2.0-12.fc10
 - Move /var/run/xend into xen-runtime for pygrub (rhbz #442052)
 

xen-pvfb-validate-fb.patch:

Index: xen-pvfb-validate-fb.patch
===================================================================
RCS file: /cvs/pkgs/rpms/xen/devel/xen-pvfb-validate-fb.patch,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- xen-pvfb-validate-fb.patch	14 May 2008 16:08:56 -0000	1.1
+++ xen-pvfb-validate-fb.patch	13 Jun 2008 14:26:37 -0000	1.2
@@ -18,7 +18,7 @@
  struct xenfb;
  
  struct xenfb_device {
-@@ -476,6 +474,55 @@ void xenfb_shutdown(struct xenfb *xenfb)
+@@ -476,6 +474,56 @@ void xenfb_shutdown(struct xenfb *xenfb)
  	free(xenfb);
  }
  
@@ -36,6 +36,7 @@
 +		fprintf(stderr,
 +			"FB: frontend fb size %zu limited to %zu\n",
 +			fb_len, fb_len_lim);
++		fb_len = fb_len_lim;
 +	}
 +	if (depth != 8 && depth != 16 && depth != 24 && depth != 32) {
 +		fprintf(stderr,