Bastian Blank
2008-Jul-12 11:34 UTC
[Pkg-xen-changes] r600 - in branches/etch/xen-3.0/debian: . patches
Author: waldi Date: Sat Jul 12 11:34:28 2008 New Revision: 600 Log: Fix CVS-2008-2004. * debian/changelog: Update. * debian/patches/00list: Add new patch. * debian/patches/CVE-2008-2004.dpatch: Add. Added: branches/etch/xen-3.0/debian/patches/CVE-2008-2004.dpatch (contents, props changed) Modified: branches/etch/xen-3.0/debian/changelog branches/etch/xen-3.0/debian/patches/00list Modified: branches/etch/xen-3.0/debian/changelog =============================================================================--- branches/etch/xen-3.0/debian/changelog (original) +++ branches/etch/xen-3.0/debian/changelog Sat Jul 12 11:34:28 2008 @@ -4,6 +4,8 @@ See: CVE-2007-5906 * Fix range checks in ioemu block support. See: CVE-2008-0928 + * Don''t allow block image format auto-probing. + See: CVE-2008-2004 -- Bastian Blank <waldi at debian.org> Sat, 12 Jul 2008 12:52:46 +0200 Modified: branches/etch/xen-3.0/debian/patches/00list =============================================================================--- branches/etch/xen-3.0/debian/patches/00list (original) +++ branches/etch/xen-3.0/debian/patches/00list Sat Jul 12 11:34:28 2008 @@ -12,3 +12,4 @@ CVE-2007-1320 CVE-2007-5906 CVE-2008-0928 +CVE-2008-2004 Added: branches/etch/xen-3.0/debian/patches/CVE-2008-2004.dpatch =============================================================================--- (empty file) +++ branches/etch/xen-3.0/debian/patches/CVE-2008-2004.dpatch Sat Jul 12 11:34:28 2008 
@@ -0,0 +1,133 @@
+#! /bin/sh /usr/share/dpatch/dpatch-run
+
+ at DPATCH@
+diff -r 42c6318fb648 -r 9333e98676f8 tools/ioemu/block-vvfat.c
+--- a/tools/ioemu/block-vvfat.c Wed Feb 20 17:46:10 2008 +0000
++++ b/tools/ioemu/block-vvfat.c Sat Jul 12 13:32:21 2008 +0200
+@@ -2738,7 +2738,7 @@ static int enable_write_target(BDRVVVFAT
+ s->qcow_filename, s->sector_count, "fat:", 0) < 0)
+ return -1;
+ s->qcow = bdrv_new("");
+- if (s->qcow == NULL || bdrv_open(s->qcow, s->qcow_filename, 0) < 0)
++ if (s->qcow == NULL || bdrv_open2(s->qcow, s->qcow_filename, 0, &bdrv_raw) < 0)
+ return -1;
+
+ #ifndef _WIN32
+diff -r 42c6318fb648 -r 9333e98676f8 tools/ioemu/block.c
+--- a/tools/ioemu/block.c Wed Feb 20 17:46:10 2008 +0000
++++ b/tools/ioemu/block.c Sat Jul 12 13:32:21 2008 +0200
+@@ -240,37 +240,6 @@ static BlockDriver *find_image_format(co
+ return drv;
+ }
+
+-int bdrv_open(BlockDriverState *bs, const char *filename, int snapshot)
+-{
+-#ifdef CONFIG_COCOA
+- if ( strncmp( filename, "/dev/cdrom", 10 ) == 0 ) {
+- kern_return_t kernResult;
+- io_iterator_t mediaIterator;
+- char bsdPath[ MAXPATHLEN ];
+- int fd;
+-
+- kernResult = FindEjectableCDMedia( &mediaIterator );
+- kernResult = GetBSDPath( mediaIterator, bsdPath, sizeof( bsdPath ) );
+-
+- if ( bsdPath[ 0 ] != ''\0'' ) {
+- strcat(bsdPath,"s0");
+- /* some CDs don''t have a partition 0 */
+- fd = open(bsdPath, O_RDONLY | O_BINARY | O_LARGEFILE);
+- if (fd < 0) {
+- bsdPath[strlen(bsdPath)-1] = ''1'';
+- } else {
+- close(fd);
+- }
+- filename = bsdPath;
+- }
+-
+- if ( mediaIterator )
+- IOObjectRelease( mediaIterator );
+- }
+-#endif
+- return bdrv_open2(bs, filename, snapshot, NULL);
+-}
+-
+ int bdrv_open2(BlockDriverState *bs, const char *filename, int snapshot,
+ BlockDriver *drv)
+ {
+@@ -293,7 +262,7 @@ int bdrv_open2(BlockDriverState *bs, con
+ if (!bs1) {
+ return -1;
+ }
+- if (bdrv_open(bs1, filename, 0) < 0) {
++ if (bdrv_open2(bs1, filename, 0, NULL) < 0) {
+ bdrv_delete(bs1);
+ return -1;
+ }
+@@ -340,7 +309,7 @@ int bdrv_open2(BlockDriverState *bs, con
+ bdrv_close(bs);
+ return -1;
+ }
+- if (bdrv_open(bs->backing_hd, bs->backing_file, 0) < 0)
++ if (bdrv_open2(bs->backing_hd, bs->backing_file, 0, &bdrv_raw) < 0)
+ goto fail;
+ }
+
+diff -r 42c6318fb648 -r 9333e98676f8 tools/ioemu/hw/usb-msd.c
+--- a/tools/ioemu/hw/usb-msd.c Wed Feb 20 17:46:10 2008 +0000
++++ b/tools/ioemu/hw/usb-msd.c Sat Jul 12 13:32:21 2008 +0200
+@@ -383,7 +383,7 @@ USBDevice *usb_msd_init(const char *file
+ return NULL;
+
+ bdrv = bdrv_new("usb");
+- bdrv_open(bdrv, filename, 0);
++ bdrv_open2(bdrv, filename, 0, &bdrv_raw);
+
+ s->dev.speed = USB_SPEED_FULL;
+ s->dev.handle_packet = usb_generic_handle_packet;
+diff -r 42c6318fb648 -r 9333e98676f8 tools/ioemu/monitor.c
+--- a/tools/ioemu/monitor.c Wed Feb 20 17:46:10 2008 +0000
++++ b/tools/ioemu/monitor.c Sat Jul 12 13:32:21 2008 +0200
+@@ -356,7 +356,7 @@ void do_change(const char *device, const
+ }
+ if (eject_device(bs, 0) < 0)
+ return;
+- bdrv_open(bs, filename, 0);
++ bdrv_open2(bs, filename, 0, &bdrv_raw);
+ if (bdrv_is_encrypted(bs)) {
+ term_printf("%s is encrypted.\n", device);
+ for(i = 0; i < 3; i++) {
+diff -r 42c6318fb648 -r 9333e98676f8 tools/ioemu/vl.c
+--- a/tools/ioemu/vl.c Wed Feb 20 17:46:10 2008 +0000
++++ b/tools/ioemu/vl.c Sat Jul 12 13:32:21 2008 +0200
+@@ -6545,7 +6545,7 @@ int main(int argc, char **argv)
+ bdrv_set_type_hint(fd_table[i], BDRV_TYPE_FLOPPY);
+ }
+ if (fd_filename[i] != ''\0'') {
+- if (bdrv_open(fd_table[i], fd_filename[i], snapshot) < 0) {
++ if (bdrv_open2(fd_table[i], fd_filename[i], snapshot, &bdrv_raw) < 0) {
+ fprintf(stderr, "qemu: could not open floppy disk image ''%s''\n",
+ fd_filename[i]);
+ exit(1);
+diff -r 42c6318fb648 -r 9333e98676f8 tools/ioemu/xenstore.c
+--- a/tools/ioemu/xenstore.c Wed Feb 20 17:46:10 2008 +0000
++++ b/tools/ioemu/xenstore.c Sat Jul 12 13:32:21 2008 +0200
+@@ -59,6 +59,7 @@ void xenstore_parse_domain_config(int do
+ char *bpath = NULL, *dev = NULL, *params = NULL, *type = NULL;
+ int i;
+ unsigned int len, num, hd_index;
++ BlockDriver *format;
+
+ for(i = 0; i < MAX_DISKS; i++)
+ hd_filename[i] = NULL;
+@@ -127,8 +128,9 @@ void xenstore_parse_domain_config(int do
+ xs_watch(xsh, buf, dev);
+ }
+ if (hd_filename[hd_index]) {
+- if (bdrv_open(bs_table[hd_index], hd_filename[hd_index],
+- 0 /* snapshot */) < 0)
++ /* Force raw! */
++ if (bdrv_open2(bs_table[hd_index], hd_filename[hd_index],
++ 0 /* snapshot */, &bdrv_raw) < 0)
+ fprintf(stderr, "qemu: could not open hard disk image ''%s''\n",
+ hd_filename[hd_index]);
+ }
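Review bot: In the tools/ioemu/block.c hunk at `@@ -293,7 +262,7 @@`, the replacement call `bdrv_open2(bs1, filename, 0, NULL)` still passes a NULL driver, which, judging by the removed `bdrv_open()` wrapper that did the same, appears to keep format auto-probing alive on that path even when the caller of `bdrv_open2()` supplied `drv`. Passing the caller's choice through, `if (bdrv_open2(bs1, filename, 0, drv) < 0) {`, would keep that path consistent with the other call sites, which are all pinned to `&bdrv_raw`. In tools/ioemu/xenstore.c the new `BlockDriver *format;` is not used in either visible hunk, so either drop it or use it to select the driver from the disk's configured type instead of the unconditional `&bdrv_raw`; as written, non-raw images would presumably be opened as raw. The bodies of `bdrv_open2()` and `xenstore_parse_domain_config()` extend beyond these hunks, so the probing behaviour of a NULL `drv` should be confirmed there.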