Fri Jan 24 17:07:36 2014 UTC ()

add patch from upstream to add missing privilege check
from the advisory:
Malicious or misbehaving unprivileged guests can cause the host or other
guests to malfunction. This can result in host-wide denial of service.
Privilege escalation, while seeming to be unlikely, cannot be excluded.
Only PV guests can take advantage of this vulnerability.
(CVE-2014-1666)
bump PKGREV


(drochner)

diff -r1.30 -r1.31 pkgsrc/sysutils/xenkernel41/Makefile
diff -r1.24 -r1.25 pkgsrc/sysutils/xenkernel41/distinfo
diff -r0 -r1.1 pkgsrc/sysutils/xenkernel41/patches/patch-CVE-2014-1666

--- pkgsrc/sysutils/xenkernel41/Attic/Makefile 2013/12/04 10:35:01 1.30
+++ pkgsrc/sysutils/xenkernel41/Attic/Makefile 2014/01/24 17:07:35 1.31

 @@ -1,20 +1,20 @@
-# $NetBSD: Makefile,v 1.30 2013/12/04 10:35:01 drochner Exp $
+# $NetBSD: Makefile,v 1.31 2014/01/24 17:07:35 drochner Exp $
+#
 VERSION=	4.1.6.1
 DISTNAME=	xen-${VERSION}
 PKGNAME=	xenkernel41-${VERSION}
-PKGREVISION=	5
+PKGREVISION=	6
 CATEGORIES=	sysutils
 MASTER_SITES=	http://bits.xensource.com/oss-xen/release/${VERSION}/
 MAINTAINER=	cegger@NetBSD.org
 HOMEPAGE=	http://xen.org/
 COMMENT=	Xen 4.1.x Kernel
 LICENSE=        gnu-gpl-v2
 ONLY_FOR_PLATFORM=	Linux-2.6*-i386 Linux-2.6*-x86_64
 ONLY_FOR_PLATFORM+=	NetBSD-[5-9].*-x86_64 NetBSD-[5-9].*-i386
 NO_CONFIGURE=	yes

--- pkgsrc/sysutils/xenkernel41/Attic/distinfo 2013/12/04 10:35:01 1.24
+++ pkgsrc/sysutils/xenkernel41/Attic/distinfo 2014/01/24 17:07:35 1.25

 @@ -1,23 +1,24 @@
-$NetBSD: distinfo,v 1.24 2013/12/04 10:35:01 drochner Exp $
+$NetBSD: distinfo,v 1.25 2014/01/24 17:07:35 drochner Exp $
 SHA1 (xen-4.1.6.1.tar.gz) = e5f15feb0821578817a65ede16110c6eac01abd0
 RMD160 (xen-4.1.6.1.tar.gz) = bff11421fc44a26f2cc3156713267abcb36d7a19
 Size (xen-4.1.6.1.tar.gz) = 10428485 bytes
 SHA1 (patch-CVE-2013-1442) = 7aa43513ea7cddc50b4e6802412cfc2903cce8e1
 SHA1 (patch-CVE-2013-4355_1) = a28e4fc0cbe5409a759e689ff1af82792f560a39
 SHA1 (patch-CVE-2013-4355_2) = 70fd2f2e45a05a53d8ce7d0bd72b18165dd13509
 SHA1 (patch-CVE-2013-4355_3) = 93f7bf877945e585fb906dbfc8159e688813c12f
 SHA1 (patch-CVE-2013-4355_4) = 88f478997d2631ec41adfd42a9d79f2d87bb44d8
 SHA1 (patch-CVE-2013-4361) = b9074af976ba98c02aeb84288a10527bf7693241
 SHA1 (patch-CVE-2013-4368) = 77caf392b472e5586eb2fa6a37d173cd856f6f15
 SHA1 (patch-CVE-2013-4494) = d74dfc898d1128f3c205bd178c8cf663935711e3
 SHA1 (patch-CVE-2013-4553) = 6708dcef1737b119a3fcf2e3414c22c115cbacc1
 SHA1 (patch-CVE-2013-6885_1) = 6fc88c8c98393e90dd895c160108ff2ee17cee2e
 SHA1 (patch-CVE-2013-6885_2) = be3c99ba3e349492d45cd4f2fce0acc26ac1a96d
 SHA1 (patch-CVE-2014-1666) = acf27080799d4aae6a03b556caadb01081d5314e
 SHA1 (patch-Config.mk) = a43ed1b3304d6383dc093acd128a7f373d0ca266
 SHA1 (patch-xen_Makefile) = d1c7e4860221f93d90818f45a77748882486f92b
 SHA1 (patch-xen_arch_x86_Rules.mk) = 6b9b4bfa28924f7d3f6c793a389f1a7ac9d228e2
 SHA1 (patch-xen_arch_x86_cpu_mcheck_vmce.c) = 5afd01780a13654f1d21bf1562f6431c8370be0b
 SHA1 (patch-xen_arch_x86_time.c) = 1611959c08ad79e3f042ac70c8d9d57b60225289
 SHA1 (patch-xen_drivers_char_console_c) = 0fe186369602ccffaeec6f4bfbee8bb4298d3ff0
 SHA1 (patch-xen_include_xen_stdarg.h) = e9df974a9b783ed442ab17497198432cb9844b70

$NetBSD: patch-CVE-2014-1666,v 1.1 2014/01/24 17:07:36 drochner Exp $

http://lists.xenproject.org/archives/html/xen-devel/2014-01/msg02075.html

--- xen/arch/x86/physdev.c.orig	2014-01-24 16:04:18.000000000 +0000
+++ xen/arch/x86/physdev.c	2014-01-24 16:05:09.000000000 +0000
@@ -554,7 +554,9 @@ ret_t do_physdev_op(int cmd, XEN_GUEST_H
     case PHYSDEVOP_release_msix: {
         struct physdev_pci_device dev;
 
-        if ( copy_from_guest(&dev, arg, 1) )
+        if ( !IS_PRIV(v->domain) )
+	    ret = -EPERM;
+        else if ( copy_from_guest(&dev, arg, 1) )
             ret = -EFAULT;
         else if ( dev.seg )
             ret = -EOPNOTSUPP;