head	1.2;
access;
symbols
	pkgsrc-2013Q2:1.2.0.2
	pkgsrc-2013Q2-base:1.2
	pkgsrc-2012Q4:1.1.0.2
	pkgsrc-2012Q4-base:1.1;
locks; strict;
comment	@# @;


1.2
date	2013.01.17.19.37.55;	author drochner;	state dead;
branches;
next	1.1;

1.1
date	2012.12.05.19.16.27;	author drochner;	state Exp;
branches;
next	;


desc
@@


1.2
log
@update to 4.1.4
changes:
-fixes for many vulnerabilities (were mostly patched in pkgsrc)
-bug fixes and improvements (almost 100 since Xen 4.1.3). Highlights are:
 -A fix for a long standing time management issue
 -Bug fixes for S3 (suspend to RAM) handling
 -Bug fixes for other low level system state handling

pkgsrc note:
fixes for CVE-2012-5634 (interrupt issue on IOMMU systems)
and CVE-2012-6075 (oversized packets from e1000 driver)
are already included
@
text
@$NetBSD: patch-CVE-2012-5513_1,v 1.1 2012/12/05 19:16:27 drochner Exp $

see http://lists.xen.org/archives/html/xen-announce/2012-12/msg00004.html

--- xen/common/compat/memory.c.orig	2012-08-10 13:51:47.000000000 +0000
+++ xen/common/compat/memory.c
@@@@ -114,6 +114,12 @@@@ int compat_memory_op(unsigned int cmd, X
                   (cmp.xchg.out.nr_extents << cmp.xchg.out.extent_order)) )
                 return -EINVAL;
 
+            if ( !compat_handle_okay(cmp.xchg.in.extent_start,
+                                     cmp.xchg.in.nr_extents) ||
+                 !compat_handle_okay(cmp.xchg.out.extent_start,
+                                     cmp.xchg.out.nr_extents) )
+                return -EFAULT;
+
             start_extent = cmp.xchg.nr_exchanged;
             end_extent = (COMPAT_ARG_XLAT_SIZE - sizeof(*nat.xchg)) /
                          (((1U << ABS(order_delta)) + 1) *
@


1.1
log
@add another batch of security patches from upstream
bump PKGREV
@
text
@d1 1
a1 1
$NetBSD$
@