author | Roy Marples <uberlord@gentoo.org> | 2007-05-10 10:24:54 +0000 |
committer | Roy Marples <uberlord@gentoo.org> | 2007-05-10 10:24:54 +0000 |
commit | bc00a2261f3b3a91c8ae410dba3a77955fd3fd2e (patch) | |
tree | f396b315e70b26906b8ad1a8caad816630fe16ce /sys-freebsd/freebsd-sources | |
parent | removed doc use flag as not used in ebuild and build.xml (diff) | |
Add a security fix (FreeBSD-SA-07:03) to disable IPv6 type 0 source routing headers by default.
(Portage version: 2.1.2.7)
Diffstat (limited to 'sys-freebsd/freebsd-sources')
4 files changed, 163 insertions, 1 deletions
diff --git a/sys-freebsd/freebsd-sources/ChangeLog b/sys-freebsd/freebsd-sources/ChangeLog
index 1b6eccf1f033..2a7ea64a6cba 100644
--- a/sys-freebsd/freebsd-sources/ChangeLog
+++ b/sys-freebsd/freebsd-sources/ChangeLog
@@ -1,6 +1,12 @@
 # ChangeLog for sys-freebsd/freebsd-sources
 # Copyright 1999-2007 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/sys-freebsd/freebsd-sources/ChangeLog,v 1.36 2007/05/09 09:29:08 uberlord Exp $
+# $Header: /var/cvsroot/gentoo-x86/sys-freebsd/freebsd-sources/ChangeLog,v 1.37 2007/05/10 10:24:54 uberlord Exp $
+
+*freebsd-sources-6.2-r1 (10 May 2007)
+
+  10 May 2007; Roy Marples <uberlord@gentoo.org>
+  +files/freebsd-sources-6.2-ipv6.patch, +freebsd-sources-6.2-r1.ebuild:
+  Add a security fix to disable IPv6 source routing headers.
 
   09 May 2007; Roy Marples <uberlord@gentoo.org>
   +files/freebsd-sources-6.2-debug-O2.patch, freebsd-sources-6.2.ebuild:
diff --git a/sys-freebsd/freebsd-sources/files/digest-freebsd-sources-6.2-r1 b/sys-freebsd/freebsd-sources/files/digest-freebsd-sources-6.2-r1
new file mode 100644
index 000000000000..f15ec910fc83
--- /dev/null
+++ b/sys-freebsd/freebsd-sources/files/digest-freebsd-sources-6.2-r1
@@ -0,0 +1,3 @@
+MD5 79c16213744e76d3bf13a9ac21ede56d freebsd-sys-6.2.tar.bz2 18344936
+RMD160 784230e22ccaf09933ef3f053ff29cc3e579786a freebsd-sys-6.2.tar.bz2 18344936
+SHA256 a754371d88601aaab7152bb3d127bd3777db912e13a26a866e13ba34934c5e5b freebsd-sys-6.2.tar.bz2 18344936
diff --git a/sys-freebsd/freebsd-sources/files/freebsd-sources-6.2-ipv6.patch b/sys-freebsd/freebsd-sources/files/freebsd-sources-6.2-ipv6.patch
new file mode 100644
index 000000000000..1f4c0e7664d0
--- /dev/null
+++ b/sys-freebsd/freebsd-sources/files/freebsd-sources-6.2-ipv6.patch
@@ -0,0 +1,66 @@
+Index: sys/netinet6/in6.h
+===================================================================
+RCS file: /sources/FreeBSD-CVS/src/sys/netinet6/in6.h,v
+retrieving revision 1.36.2.7
+diff -u -r1.36.2.7 in6.h
+--- sys/netinet6/in6.h	20 Aug 2006 19:28:43 -0000	1.36.2.7
++++ sys/netinet6/in6.h	24 Apr 2007 03:11:29 -0000
+@@ -574,5 +574,6 @@
+ #define IPV6CTL_STEALTH 45
+-#define IPV6CTL_MAXID 46
++#define IPV6CTL_RTHDR0_ALLOWED 46
++#define IPV6CTL_MAXID 47
+ #endif /* __BSD_VISIBLE */
+ 
+ /*
+Index: sys/netinet6/in6_proto.c
+===================================================================
+RCS file: /sources/FreeBSD-CVS/src/sys/netinet6/in6_proto.c,v
+retrieving revision 1.32.2.5
+diff -u -r1.32.2.5 in6_proto.c
+--- sys/netinet6/in6_proto.c	16 Oct 2006 15:11:18 -0000	1.32.2.5
++++ sys/netinet6/in6_proto.c	24 Apr 2007 07:46:54 -0000
+@@ -376,6 +376,8 @@
+ #ifdef IPSTEALTH
+ int ip6stealth = 0;
+ #endif
++int ip6_rthdr0_allowed = 0;	/* Disallow use of routing header 0 */
++				/* by default. */
+ 
+ /* icmp6 */
+ /*
+@@ -519,6 +521,9 @@
+ SYSCTL_INT(_net_inet6_ip6, IPV6CTL_STEALTH, stealth, CTLFLAG_RW,
+ 	&ip6stealth, 0, "");
+ #endif
++SYSCTL_INT(_net_inet6_ip6, IPV6CTL_RTHDR0_ALLOWED,
++	rthdr0_allowed, CTLFLAG_RW, &ip6_rthdr0_allowed, 0, "");
++
+ 
+ /* net.inet6.icmp6 */
+ SYSCTL_INT(_net_inet6_icmp6, ICMPV6CTL_REDIRACCEPT,
+Index: sys/netinet6/route6.c
+===================================================================
+RCS file: /sources/FreeBSD-CVS/src/sys/netinet6/route6.c,v
+retrieving revision 1.11.2.1
+diff -u -r1.11.2.1 route6.c
+--- sys/netinet6/route6.c	4 Nov 2005 20:26:15 -0000	1.11.2.1
++++ sys/netinet6/route6.c	24 Apr 2007 08:06:00 -0000
+@@ -49,6 +49,8 @@
+ 
+ #include <netinet/icmp6.h>
+ 
++extern int ip6_rthdr0_allowed;
++
+ static int ip6_rthdr0 __P((struct mbuf *, struct ip6_hdr *,
+     struct ip6_rthdr0 *));
+ 
+@@ -88,6 +90,8 @@
+ 
+ 	switch (rh->ip6r_type) {
+ 	case IPV6_RTHDR_TYPE_0:
++		if (!ip6_rthdr0_allowed)
++			return (IPPROTO_DONE);
+ 		rhlen = (rh->ip6r_len + 1) << 3;
+ #ifndef PULLDOWN_TEST
+ 	/*
diff --git a/sys-freebsd/freebsd-sources/freebsd-sources-6.2-r1.ebuild b/sys-freebsd/freebsd-sources/freebsd-sources-6.2-r1.ebuild
new file mode 100644
index 000000000000..3d2a96710590
--- /dev/null
+++ b/sys-freebsd/freebsd-sources/freebsd-sources-6.2-r1.ebuild
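Review bot: The new early exit in route6_input, `if (!ip6_rthdr0_allowed) return (IPPROTO_DONE);`, returns without freeing `m`, and in the netinet6 input chain IPPROTO_DONE conventionally tells ip6_input's header loop that the mbuf has already been consumed. route6_input starts and ends outside this hunk, so its other exits cannot be checked here, but if they free or hand off the mbuf before returning IPPROTO_DONE (as the m_freem/icmp6_error exits in this file normally do), this path presumably leaks one mbuf for every RH0 packet received under the new default, which turns a remote-triggerable drop into an mbuf-exhaustion vector. Freeing the mbuf before returning avoids that. Separately, the SYSCTL_INT for rthdr0_allowed is registered with an empty description string; `"Process IPv6 type 0 routing headers (disabled by default, see FreeBSD-SA-07:03)"` would tell an operator what the knob controls.
```c
	case IPV6_RTHDR_TYPE_0:
		if (!ip6_rthdr0_allowed) {
			m_freem(m);
			return (IPPROTO_DONE);
		}
		/* … unchanged: rhlen computation and PULLDOWN_TEST handling … */
```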
@@ -0,0 +1,87 @@
+# Copyright 1999-2007 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/sys-freebsd/freebsd-sources/freebsd-sources-6.2-r1.ebuild,v 1.1 2007/05/10 10:24:54 uberlord Exp $
+
+inherit bsdmk freebsd flag-o-matic
+
+DESCRIPTION="FreeBSD kernel sources"
+SLOT="${PVR}"
+KEYWORDS="~sparc-fbsd ~x86-fbsd"
+
+IUSE="symlink"
+
+SRC_URI="mirror://gentoo/${SYS}.tar.bz2"
+
+RDEPEND=">=sys-freebsd/freebsd-mk-defs-6.0-r1"
+DEPEND=""
+
+RESTRICT="strip binchecks"
+
+S="${WORKDIR}/sys"
+
+MY_PVR="${PVR}"
+
+[[ ${MY_PVR} == "${RV}" ]] && MY_PVR="${MY_PVR}-r0"
+
+src_unpack() {
+	unpack ${A}
+	cd "${S}"
+
+	# This replaces the gentoover patch, it doesn't need reapply every time.
+	sed -i -e 's:^REVISION=.*:REVISION="'${PVR}'":' \
+		-e 's:^BRANCH=.*:BRANCH="Gentoo":' \
+		-e 's:^VERSION=.*:VERSION="${TYPE} ${BRANCH} ${REVISION}":' \
+		"${S}/conf/newvers.sh"
+
+	epatch "${FILESDIR}/${PN}-gentoo.patch"
+	epatch "${FILESDIR}/${PN}-6.0-flex-2.5.31.patch"
+	epatch "${FILESDIR}/${PN}-6.0-asm.patch"
+	epatch "${FILESDIR}/${PN}-6.0-werror.patch"
+	epatch "${FILESDIR}/${PN}-6.2-gcc41.patch"
+	epatch "${FILESDIR}/${PN}-6.2-sparc64.patch"
+	epatch "${FILESDIR}/${PN}-6.1-ntfs.patch"
+	epatch "${FILESDIR}/${PN}-6.2-debug-O2.patch"
+
+	# http://security.freebsd.org/advisories/FreeBSD-SA-07:03.ipv6.asc
+	epatch "${FILESDIR}/${PN}-6.2-ipv6.patch"
+
+	# Disable SSP for the kernel
+	grep -Zlr -- -ffreestanding "${S}" | xargs -0 sed -i -e \
+		"s:-ffreestanding:-ffreestanding $(test-flags -fno-stack-protector -fno-stack-protector-all):g"
+}
+
+src_compile() {
+	einfo "Nothing to compile.."
+}
+
+src_install() {
+	insinto "/usr/src/sys-${MY_PVR}"
+	doins -r "${S}/"*
+}
+
+pkg_postinst() {
+	if [[ ! -L "${ROOT}/usr/src/sys" ]]; then
+		einfo "/usr/src/sys symlink doesn't exist; creating symlink to sys-${MY_PVR}..."
+		ln -sf "sys-${MY_PVR}" "${ROOT}/usr/src/sys" || \
+			eerror "Couldn't create ${ROOT}/usr/src/sys symlink."
+		# just in case...
+		[[ -L ""${ROOT}/usr/src/sys-${RV}"" ]] && rm "${ROOT}/usr/src/sys-${RV}"
+		ln -sf "sys-${MY_PVR}" "${ROOT}/usr/src/sys-${RV}" || \
+			eerror "Couldn't create ${ROOT}/usr/src/sys-${RV} symlink."
+	elif use symlink; then
+		einfo "Updating /usr/src/sys symlink to sys-${MY_PVR}..."
+		rm "${ROOT}/usr/src/sys" "${ROOT}/usr/src/sys-${RV}" || \
+			eerror "Couldn't remove previous symlinks, please fix manually."
+		ln -sf "sys-${MY_PVR}" "${ROOT}/usr/src/sys" || \
+			eerror "Couldn't create ${ROOT}/usr/src/sys symlink."
+		ln -sf "sys-${MY_PVR}" "${ROOT}/usr/src/sys-${RV}" || \
+			eerror "Couldn't create ${ROOT}/usr/src/sys-${RV} symlink."
+	fi
+
+	if use sparc-fbsd ; then
+		ewarn "WARNING: kldload currently causes kernel panics"
+		ewarn "on sparc64. This is probably a gcc-4.1 issue, but"
+		ewarn "we need gcc-4.1 to compile the kernel correctly :/"
+		ewarn "Please compile all modules you need into the kernel"
+	fi
+}
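Review bot: pkg_postinst never tells the user that the FreeBSD-SA-07:03 fix applied by the new `epatch "${FILESDIR}/${PN}-6.2-ipv6.patch"` line only takes effect after the kernel is rebuilt from these sources — src_compile does nothing and src_install only copies the tree into /usr/src/sys-${MY_PVR}, so merging this revision leaves the running kernel still accepting RH0 packets. Add at the top of pkg_postinst `ewarn "This revision carries the FreeBSD-SA-07:03 fix (IPv6 type 0 routing headers are now rejected by default);"` and `ewarn "rebuild and reinstall your kernel from /usr/src/sys for it to take effect."`. The first branch of pkg_postinst only tests `! -L`, so when ${ROOT}/usr/src/sys is a real directory `ln -sf` succeeds by creating the link inside that directory while the einfo reports success; guarding with `[[ -e "${ROOT}/usr/src/sys" && ! -L "${ROOT}/usr/src/sys" ]]` and warning instead of linking would avoid that. The stray `""` pairs in `[[ -L ""${ROOT}/usr/src/sys-${RV}"" ]]` are harmless inside `[[ ]]` but read as a mistake; `[[ -L "${ROOT}/usr/src/sys-${RV}" ]]` is what was meant.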