author | drochner <drochner@pkgsrc.org> | 2014-01-24 17:07:35 +0000 |
---|---|---|
committer | drochner <drochner@pkgsrc.org> | 2014-01-24 17:07:35 +0000 |
commit | f3259aa1e62e30cc60824a9240de82ed2a2d10ec (patch) | |
tree | 45e429c4dddca159380342ac73bbaafac85498c2 /sysutils | |
parent | 07b91c87665062450b9c4d9b68630cb7919f582a (diff) | |
download | pkgsrc-f3259aa1e62e30cc60824a9240de82ed2a2d10ec.tar.gz |
add patch from upstream to add missing privilege check
from the advisory:
Malicious or misbehaving unprivileged guests can cause the host or other
guests to malfunction. This can result in host-wide denial of service.
Privilege escalation, while seeming to be unlikely, cannot be excluded.
Only PV guests can take advantage of this vulnerability.
(CVE-2014-1666)
bump PKGREV
Diffstat (limited to 'sysutils')
-rw-r--r-- | sysutils/xenkernel41/Makefile | 4 | ||||
-rw-r--r-- | sysutils/xenkernel41/distinfo | 3 | ||||
-rw-r--r-- | sysutils/xenkernel41/patches/patch-CVE-2014-1666 | 17 |
3 files changed, 21 insertions, 3 deletions
diff --git a/sysutils/xenkernel41/Makefile b/sysutils/xenkernel41/Makefile
index b8475351e8f..848ea1660b8 100644
--- a/sysutils/xenkernel41/Makefile
+++ b/sysutils/xenkernel41/Makefile
@@ -1,10 +1,10 @@
-# $NetBSD: Makefile,v 1.30 2013/12/04 10:35:01 drochner Exp $
+# $NetBSD: Makefile,v 1.31 2014/01/24 17:07:35 drochner Exp $
 #
 VERSION= 4.1.6.1
 DISTNAME= xen-${VERSION}
 PKGNAME= xenkernel41-${VERSION}
-PKGREVISION= 5
+PKGREVISION= 6
 CATEGORIES= sysutils
 MASTER_SITES= http://bits.xensource.com/oss-xen/release/${VERSION}/
diff --git a/sysutils/xenkernel41/distinfo b/sysutils/xenkernel41/distinfo
index 1286133b2c1..6bf3ee6311a 100644
--- a/sysutils/xenkernel41/distinfo
+++ b/sysutils/xenkernel41/distinfo
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.24 2013/12/04 10:35:01 drochner Exp $
+$NetBSD: distinfo,v 1.25 2014/01/24 17:07:35 drochner Exp $
 SHA1 (xen-4.1.6.1.tar.gz) = e5f15feb0821578817a65ede16110c6eac01abd0
 RMD160 (xen-4.1.6.1.tar.gz) = bff11421fc44a26f2cc3156713267abcb36d7a19
@@ -14,6 +14,7 @@ SHA1 (patch-CVE-2013-4494) = d74dfc898d1128f3c205bd178c8cf663935711e3
 SHA1 (patch-CVE-2013-4553) = 6708dcef1737b119a3fcf2e3414c22c115cbacc1
 SHA1 (patch-CVE-2013-6885_1) = 6fc88c8c98393e90dd895c160108ff2ee17cee2e
 SHA1 (patch-CVE-2013-6885_2) = be3c99ba3e349492d45cd4f2fce0acc26ac1a96d
+SHA1 (patch-CVE-2014-1666) = acf27080799d4aae6a03b556caadb01081d5314e
 SHA1 (patch-Config.mk) = a43ed1b3304d6383dc093acd128a7f373d0ca266
 SHA1 (patch-xen_Makefile) = d1c7e4860221f93d90818f45a77748882486f92b
 SHA1 (patch-xen_arch_x86_Rules.mk) = 6b9b4bfa28924f7d3f6c793a389f1a7ac9d228e2
diff --git a/sysutils/xenkernel41/patches/patch-CVE-2014-1666 b/sysutils/xenkernel41/patches/patch-CVE-2014-1666
new file mode 100644
index 00000000000..5606447d4cf
--- /dev/null
+++ b/sysutils/xenkernel41/patches/patch-CVE-2014-1666
@@ -0,0 +1,17 @@
+$NetBSD: patch-CVE-2014-1666,v 1.1 2014/01/24 17:07:36 drochner Exp $
+
+http://lists.xenproject.org/archives/html/xen-devel/2014-01/msg02075.html
+
+--- xen/arch/x86/physdev.c.orig 2014-01-24 16:04:18.000000000 +0000
++++ xen/arch/x86/physdev.c 2014-01-24 16:05:09.000000000 +0000
+@@ -554,7 +554,9 @@ ret_t do_physdev_op(int cmd, XEN_GUEST_H
+ case PHYSDEVOP_release_msix: {
+ struct physdev_pci_device dev;
+
+- if ( copy_from_guest(&dev, arg, 1) )
++ if ( !IS_PRIV(v->domain) )
++ ret = -EPERM;
++ else if ( copy_from_guest(&dev, arg, 1) )
+ ret = -EFAULT;
+ else if ( dev.seg )
+ ret = -EOPNOTSUPP; |
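Review bot: The new patch file's header gives only a mailing-list URL, so the reason for the `IS_PRIV(v->domain)` check is not recorded next to the code; I would add a line such as `Add missing privilege check to PHYSDEVOP_release_msix (CVE-2014-1666).` above the URL so the rationale survives if the link goes away. The ordering in the embedded hunk is right: the `-EPERM` test runs before `copy_from_guest`, so an unprivileged caller's argument is never read. That hunk shows only the `case PHYSDEVOP_release_msix:` label with three lines of context, and `v` is declared outside it, so it is worth confirming against the full `do_physdev_op` that `v` is the calling vcpu and whether any other sub-op label falls through into this block.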