[pkgsrc/trunk]: pkgsrc/sysutils/xenkernel41 add patch from upstream to add mi...

[drochner <drochner%pkgsrc.org@localhost>]

details:   https://anonhg.NetBSD.org/pkgsrc/rev/a32efeed6f07
branches:  trunk
changeset: 629621:a32efeed6f07
user:      drochner <drochner%pkgsrc.org@localhost>
date:      Fri Jan 24 17:07:35 2014 +0000

description:
add patch from upstream to add missing privilege check
from the advisory:
Malicious or misbehaving unprivileged guests can cause the host or other
guests to malfunction. This can result in host-wide denial of service.
Privilege escalation, while seeming to be unlikely, cannot be excluded.
Only PV guests can take advantage of this vulnerability.
(CVE-2014-1666)
bump PKGREV

diffstat:

 sysutils/xenkernel41/Makefile                    |   4 ++--
 sysutils/xenkernel41/distinfo                    |   3 ++-
 sysutils/xenkernel41/patches/patch-CVE-2014-1666 |  17 +++++++++++++++++
 3 files changed, 21 insertions(+), 3 deletions(-)

diffs (54 lines):

diff -r 449d6a400477 -r a32efeed6f07 sysutils/xenkernel41/Makefile
--- a/sysutils/xenkernel41/Makefile     Fri Jan 24 16:37:19 2014 +0000
+++ b/sysutils/xenkernel41/Makefile     Fri Jan 24 17:07:35 2014 +0000
@@ -1,10 +1,10 @@
-# $NetBSD: Makefile,v 1.30 2013/12/04 10:35:01 drochner Exp $
+# $NetBSD: Makefile,v 1.31 2014/01/24 17:07:35 drochner Exp $
 #
 
 VERSION=       4.1.6.1
 DISTNAME=      xen-${VERSION}
 PKGNAME=       xenkernel41-${VERSION}
-PKGREVISION=   5
+PKGREVISION=   6
 CATEGORIES=    sysutils
 MASTER_SITES=  http://bits.xensource.com/oss-xen/release/${VERSION}/
 
diff -r 449d6a400477 -r a32efeed6f07 sysutils/xenkernel41/distinfo
--- a/sysutils/xenkernel41/distinfo     Fri Jan 24 16:37:19 2014 +0000
+++ b/sysutils/xenkernel41/distinfo     Fri Jan 24 17:07:35 2014 +0000
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.24 2013/12/04 10:35:01 drochner Exp $
+$NetBSD: distinfo,v 1.25 2014/01/24 17:07:35 drochner Exp $
 
 SHA1 (xen-4.1.6.1.tar.gz) = e5f15feb0821578817a65ede16110c6eac01abd0
 RMD160 (xen-4.1.6.1.tar.gz) = bff11421fc44a26f2cc3156713267abcb36d7a19
@@ -14,6 +14,7 @@
 SHA1 (patch-CVE-2013-4553) = 6708dcef1737b119a3fcf2e3414c22c115cbacc1
 SHA1 (patch-CVE-2013-6885_1) = 6fc88c8c98393e90dd895c160108ff2ee17cee2e
 SHA1 (patch-CVE-2013-6885_2) = be3c99ba3e349492d45cd4f2fce0acc26ac1a96d
+SHA1 (patch-CVE-2014-1666) = acf27080799d4aae6a03b556caadb01081d5314e
 SHA1 (patch-Config.mk) = a43ed1b3304d6383dc093acd128a7f373d0ca266
 SHA1 (patch-xen_Makefile) = d1c7e4860221f93d90818f45a77748882486f92b
 SHA1 (patch-xen_arch_x86_Rules.mk) = 6b9b4bfa28924f7d3f6c793a389f1a7ac9d228e2
diff -r 449d6a400477 -r a32efeed6f07 sysutils/xenkernel41/patches/patch-CVE-2014-1666
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/sysutils/xenkernel41/patches/patch-CVE-2014-1666  Fri Jan 24 17:07:35 2014 +0000
@@ -0,0 +1,17 @@
+$NetBSD: patch-CVE-2014-1666,v 1.1 2014/01/24 17:07:36 drochner Exp $
+
+http://lists.xenproject.org/archives/html/xen-devel/2014-01/msg02075.html
+
+--- xen/arch/x86/physdev.c.orig        2014-01-24 16:04:18.000000000 +0000
++++ xen/arch/x86/physdev.c     2014-01-24 16:05:09.000000000 +0000
+@@ -554,7 +554,9 @@ ret_t do_physdev_op(int cmd, XEN_GUEST_H
+     case PHYSDEVOP_release_msix: {
+         struct physdev_pci_device dev;
+ 
+-        if ( copy_from_guest(&dev, arg, 1) )
++        if ( !IS_PRIV(v->domain) )
++          ret = -EPERM;
++        else if ( copy_from_guest(&dev, arg, 1) )
+             ret = -EFAULT;
+         else if ( dev.seg )
+             ret = -EOPNOTSUPP;