From 6d4035d3cc07d809e1200d298299f6d6881c84fa Mon Sep 17 00:00:00 2001 From: Naohiro Aota Date: Sun, 17 Nov 2013 04:22:55 +0000 Subject: Add Eratta/CVE patch. #482076 Package-Manager: portage-2.2.7/cvs/Linux x86_64 Manifest-Sign-Key: 0xF8551514 --- sys-freebsd/freebsd-sources/ChangeLog | 12 ++- sys-freebsd/freebsd-sources/Manifest | 24 +++++- .../files/freebsd-sources-9.1-cve-2013-3077.patch | 26 +++++++ .../files/freebsd-sources-9.1-cve-2013-5209.patch | 19 +++++ .../files/freebsd-sources-9.1-cve-2013-5691.patch | 89 +++++++++++++++++++++ .../files/freebsd-sources-9.1-cve-2013-5710.patch | 28 +++++++ .../freebsd-sources/freebsd-sources-9.1-r4.ebuild | 90 ++++++++++++++++++++++ 7 files changed, 283 insertions(+), 5 deletions(-) create mode 100644 sys-freebsd/freebsd-sources/files/freebsd-sources-9.1-cve-2013-3077.patch create mode 100644 sys-freebsd/freebsd-sources/files/freebsd-sources-9.1-cve-2013-5209.patch create mode 100644 sys-freebsd/freebsd-sources/files/freebsd-sources-9.1-cve-2013-5691.patch create mode 100644 sys-freebsd/freebsd-sources/files/freebsd-sources-9.1-cve-2013-5710.patch create mode 100644 sys-freebsd/freebsd-sources/freebsd-sources-9.1-r4.ebuild (limited to 'sys-freebsd') diff --git a/sys-freebsd/freebsd-sources/ChangeLog b/sys-freebsd/freebsd-sources/ChangeLog index c1e08dda21c9..afdcb0d26000 100644 --- a/sys-freebsd/freebsd-sources/ChangeLog +++ b/sys-freebsd/freebsd-sources/ChangeLog @@ -1,6 +1,16 @@ # ChangeLog for sys-freebsd/freebsd-sources # Copyright 1999-2013 Gentoo Foundation; Distributed under the GPL v2 -# $Header: /var/cvsroot/gentoo-x86/sys-freebsd/freebsd-sources/ChangeLog,v 1.100 2013/11/09 09:18:11 aballier Exp $ +# $Header: /var/cvsroot/gentoo-x86/sys-freebsd/freebsd-sources/ChangeLog,v 1.101 2013/11/17 04:22:41 naota Exp $ + +*freebsd-sources-9.1-r4 (17 Nov 2013) + + 17 Nov 2013; Naohiro Aota + +files/freebsd-sources-9.1-cve-2013-3077.patch, + +files/freebsd-sources-9.1-cve-2013-5209.patch, + +files/freebsd-sources-9.1-cve-2013-5691.patch, + +files/freebsd-sources-9.1-cve-2013-5710.patch, + +freebsd-sources-9.1-r4.ebuild: + Add Eratta/CVE patch. #482076 *freebsd-sources-9.2 (09 Nov 2013) diff --git a/sys-freebsd/freebsd-sources/Manifest b/sys-freebsd/freebsd-sources/Manifest index 98d16f352ceb..1dfa08397067 100644 --- a/sys-freebsd/freebsd-sources/Manifest +++ b/sys-freebsd/freebsd-sources/Manifest @@ -14,13 +14,18 @@ AUX freebsd-sources-8.2-unix2.patch 1642 SHA256 6dd35d13a13f5e9333557a84b56c89fc AUX freebsd-sources-9.0-disable-optimization.patch 927 SHA256 e8ad8d8ed1f729b7b22839a7af93b3dd667f257b05db95f408c48b270003a486 SHA512 0b74874d42eab95994309b922f37ebbf3706d01db6c447c9f062b03e64b77c7f793bc297150b539acdf39530a8afd91f4bf824a87c674dd625a59056656c614b WHIRLPOOL 86f9586a3f07118f95e5fbce1a65fdd3be8dd701ed1bee1379ed2133cef3d9473b437826a13ec2a53c73f7b3e1003256d912a45eb80c86195749a8cd08f9813c AUX freebsd-sources-9.0-ipv6refcount.patch 3259 SHA256 18186ef2f9fc020c0da053953b9e8c8629c2302082e0ee172dd7e84a7104bdd5 SHA512 04d89da7ab4c50d3405ff18eea49f94ffff34375c6333a6bb84bc81a63046ba12f384d256e010dc1b64a186650c7ad4702403ed933e6a678d2c5ee4238b56658 WHIRLPOOL c0511b2fec1f2ecc8a6e3aba23808a4c60a4c94f45693b6f21a30cb01386e24969fcc9b655584c78a501524579f7e266993fdd6d565525740f4f8e04f47b55a9 AUX freebsd-sources-9.0-sysctluint.patch 403 SHA256 884fbc5d6d3766ea3d4609946f56072f36f95368dc13ee316c330a46d42f0c9e SHA512 f3a87cb187858bc6fd1bafda3c3bd7bbda52b07239a50a7c1aa201df2c52a58d4809e196b8799b1949c8ca1a556519d454ad1789358540e3a96cd480fc0a504c WHIRLPOOL 1fd9852d59378b3fa8682886085f4f63ccd2a57806161b9a3ccb0cbe0c465be2e5620ed57942a8687656859e1a9df17c7d298ea66ec037514bbe7707783aa9f8 +AUX freebsd-sources-9.1-cve-2013-3077.patch 1064 SHA256 2c0b8a4df43b3a2b15bbb33000f4c0e0e132901dfe5d5531a694a17b9e1fd7b8 SHA512 12244d1335ab626e4a391cdd1d435f9f002ec4142fa2a2a93832b554f03fff69de09e950c4e80c797fd0b568504a69e18341fd35bd952a56e01a05024de8206f WHIRLPOOL 01c9e9270eea92448de3754ab0d6dc2efdec4b8e06a00b0d86c550e318c07c8e4a5b2b32e645008713e399c20b96d5e91e740e5120f889050ab91416763be3fa AUX freebsd-sources-9.1-cve-2013-3266.patch 535 SHA256 3ddd63716570d7a08956228d3f2b165e80380d3062cecfa9ed781696542cf7e2 SHA512 04f421724d79a2e8c5a23120a44601bd611b938e4452d064034b7cf91ab36e2b019e3a12af62d5bd180a5da30ca59886f90aeb6f1255dcd2124285aec6b65fa7 WHIRLPOOL e12449b21f4a3200da65d815bdc33972e9aa7b2941560fba13a634be9baad4246b635ee87510a09dee123b65ea614ed57f17e482ba41a0ea2c986e579d75f3a9 +AUX freebsd-sources-9.1-cve-2013-5209.patch 645 SHA256 1b334cae7f7ac266785449bc34a8b4b652b961b7b77acc3488e418f4359b6041 SHA512 1ed132883d22aaf48be98dd9adaa48cea0023f3c986cedb45f986676f1c4a40d3d5463006f516d78fe77a408e5f4821cb7b26d8fbff7091bc2aad9faac2e728a WHIRLPOOL 8ea85c387106009ed4c5ac4652520d349cf403d6568d81aedcc05f81ebdb5ac0c287a188071bb7651b4e847d95abf9874bfc8710a025c9ea1c986993b6d4a0a9 +AUX freebsd-sources-9.1-cve-2013-5691.patch 2854 SHA256 418cb39d555c036013cd87a2205d2b1b9e4c729f409b3bd4c509648282a0a993 SHA512 6c3342e79fe3de90d37d82415b186f5012597dfbc5f522f9aadfa5420d601e4e6042b899ed348b581537491d4c49d6b4959ca3b438f9bda454b8d9b494120534 WHIRLPOOL 7436a1c9402c2de662b98e3615d1a62f290a8638c597d671474dab005a60a5c5b162ea31603902568c9443ebd39a2631297b6e19bd26f343c808e086b78da263 +AUX freebsd-sources-9.1-cve-2013-5710.patch 704 SHA256 c076858b5dd9ab31be241144bef4de2824fa27599f7f114bcab9a2934436a1dd SHA512 a87d571aa060f435e0ac53816307703e300e16365df13c88be0a982d5851d3c224e0cc23b32ef61445413abda86762e0e43b964d475f1d816ca83d2c6b3f7d58 WHIRLPOOL 71bceec1fad2cde48cd32475805f96a33d9fef85ac8f3b69c601874514b6eef89479cf9b372bc8639d48a317dc5216bd7e2f2902570a148da865983845f5fbc6 AUX freebsd-sources-9.1-gentoo.patch 743 SHA256 f75e451259933aac8028ad0a2b6d9ee43d21bf40f7309e556d139c7a125392bd SHA512 9a7abc263c87134534d6f5a727e08c5f5c34b0272b8b03ddb89daf2ea27e4ec1e46d59202347e4b4154ac617e8c8fa8c29be95d498b54e392680b96fdd10cb6c WHIRLPOOL 237fbd8f3770442cc2692a2b62e83ecc732f54510d267a575a388de778f4b5c22a778d6fd8a69822ff8e782118c936e843e845c6461b0694ab357b261608a86e AUX freebsd-sources-9.1-mmap.patch 676 SHA256 4adee0a45d519d93d4bd3554c6b685becbaac2bc5e89511f61260e85a914235e SHA512 0daff1ef440be8e4f841eeff8917a36591bd3f4c31d79feb4666f9c3d65d49ee180397b81b07753c8892efd76436bf19d2218979cef3847d3cd46bdfcf166d6b WHIRLPOOL a31b32fb6fe8d7ca4464abae9c444e62d6ff00b4d53beed7c81c89bf0e85e61cf1eed7e70c7861a3559432086a923926737c4f6a727d2e389745de045e6f30cb AUX freebsd-sources-9.1-nfsserver.patch 650 SHA256 b288a29155fbce8ac58460a3f64ce77b644c32ee54814e35086700d2fae3610a SHA512 e1d505440371d35722b3520212ded13acf5ccb433c18988aea08d8035881f633c04dedb912931684334154303731ad21ca849c02831f6b9122b54486fb5ab8fe WHIRLPOOL b4469dfb52ca87e95539bd63dcc36ba34c9a29b812b887ad9656c2adea7acee5ae6a14850d2f4733aff7248fb9d6d6107ea38f06365efba18f8f025506675de9 AUX freebsd-sources-9.2-gentoo-gcc.patch 506 SHA256 7457421478066b686dabc9a072ea1a30da8878014d0799220557820fd3a4bbe8 SHA512 cf553ad66b5a55dd2383a55c9a3c5c852985c4842244569aef91596a98481ca12c6189dfdd5fb2badcbe7901a87c81a3e0432cbf10add66dfb481ddcf38ebdcf WHIRLPOOL 42be74cafdad3e43815f638144b3ef8e89a7a95d791a312899a24387bf6a9cbc08acb0b30855d45fed607c6b73a3632afe1a44fb2bcd5738f76a7cf444b39218 AUX freebsd-sources-9.2-gentoo.patch 716 SHA256 9a196adef145f57bf960b936f69065f6793df55420ef010c04f76578eb5d1e23 SHA512 3f6d9c4e2e3ee34058bc44ffae87c1de82e70f03d31635f27e477437f3ad4e003d2f3d6c4ab393d18dfc8eeab4cbc0af4a25227ca5d48bcd579dc07bbe3bd7f1 WHIRLPOOL 4b0207d4ffffda9daa88663b638b542acb2f567284ef4456cd18fe74770793666bb5e9de34f02b1dbf29fa79d8bae9305ad84d5cf378510004b926beacb7250d AUX freebsd-sources-cve-2012-0217.patch 856 SHA256 9b752e65a29b2b9a4a1412765d69d00310c05508af1cfa6d8d3c16d545bb3ffe SHA512 b1ac18cae23b81fd5ab2fcb44bb9f9808d6eb80f52b8572b81296fdd0b18edee62460520bc753848283d67e13367bf99775a2a5c6cf0272def9cdff6ec6fa4d9 WHIRLPOOL 27e4d0647c5275b77123bef6b866ac841af4b1b547fc663f776da82a7889995eba21b930adeabf2a71b3fbe053d2af5583cbdb6e8fd16a0379d10214d24b9121 +DIST freebsd-sources-9.1-en-13-03.patch 32571 SHA256 8bafbaba1b23f4651a9e578dbbb3b8d9b4a0a28dc1702f6dc17a40728b861595 SHA512 013a21da3618da9098020c85abe42d99e4eeb8d6b9b818cd5c6d27ee2ea2d31b60ad4521e73cb996f2f5c99fd0f34bd4a35458977264c51e79f4f53bfca6e7cc WHIRLPOOL c7b0a56efd9cebecde56590cacb1ee743845ce13577505255deca44c167d679ce94c759cfb363c26a5f2a9fc16dfc06d17eea18d638fd72c21ec0fdd81a71c5f DIST freebsd-sys-8.2.tar.bz2 25835329 SHA256 0c6c7b61aae94db2931f985d5899f3bca78fc8ffab6b598fbaa158142d676f16 SHA512 6ea4516a5c52e25c4f993f7acb875463a5caea93dbdf250c5d48eee95fff226956e9f030cab7e341b5e6a132325bc3dbf93dcb4b1185acb011918e50b1a22be3 WHIRLPOOL 870deeff877c6b9fc812a4260e4fdbb6715a5dc2065cab3bfbf2a42d876f6654703ccb124275a4e2c410cef48f3db02b63cc76059eccf9cf90244826f35b7a15 DIST freebsd-sys-9.1.tar.bz2 32588103 SHA256 b93a7ac8334ac16cc9f60665048e5ef812c0a6c62f10d0b0a674aec3f56516a8 SHA512 7dc9d9e00dde8f592bb171f4386d02b655b73cb4f153fe5ec063d010a148ef0639eae0dcdb3eeb09ecd1e3653c69e49a2d261329fa6d0381d2ddabe258ddde6d WHIRLPOOL c8348344dfb14bad64bd3a78ee615ddd29203175b292233254f8ba175e7a3fb7218af6f95f7b4dbf394c0354bafe9d8bb0c21cdf0ceaeb697214964b280469b3 DIST freebsd-sys-9.2.tar.bz2 34386743 SHA256 5619589783d0fe915b6e74be050c10fa06c7014e3bdf91256b75177ad63333a5 SHA512 b8c56d9735a6b59f5914d120d61ca6b14265b9f5a8c39e068de374751088a9b78ebefbf7c4b90362b854e8296d2a2acbae50d513e9fea8897df2f1999314cda1 WHIRLPOOL 081d8f5567628b0d6d9b41145feadc56484ada949051119f3cbaabde230addc1a1ec56b25343dc49236c7ebe62604ee08d302863878931a5d29c4626780f6445 @@ -29,16 +34,27 @@ DIST freebsd-sys-9.2_rc2.tar.bz2 34381761 SHA256 2cf28a18adf0d22c0d141f2ee0c7a8b DIST freebsd-sys-9.2_rc3.tar.bz2 34386428 SHA256 86fd03137f39a8544174dd26f4096da022c1ecfa447a1e7c9e4e241428b94947 SHA512 233181db24063e6afe1dc3e17280e2b89a39529961814640bd52d6efa1bd9f9212ab2a467266df7cd1c52654e1759f124df5d4fa439862397816623d46f3af40 WHIRLPOOL 4d7a065decda622550b16b2583b133f9b3d42aca4e6707a53012bbac9e5eb62b2fbdfc84d9cc0b666c9685e8f9abd6c9b7c9f46ce23e7b16a90a05530f45cc9b EBUILD freebsd-sources-8.2-r2.ebuild 3801 SHA256 1766a68e4f3191690a805d89280250a549fdbe0ef08ca9962c0aa46256ff0762 SHA512 85b3793d6042a4db9409dd42e90e37e67d880d5ff5996834b467662c60febab7a63d9f13176b549fa93a8aa4ae212f80e42e0742c16de910e5f3c85b06ef3059 WHIRLPOOL 91deb75cdfb47e561cbf842a2ca70be4ea4af4216c1a97e598f6bdc3b9c796d822c7ba5cba8edced1a6a43a2a9bd15e7d31e8d9b292965d24792bc88a557ac15 EBUILD freebsd-sources-9.1-r3.ebuild 2648 SHA256 40075f5d40a1f1d1cb53cce9fba58a45cfdf3fc358b379ff5f502bda21e7c010 SHA512 f51c6eb2d56f8207ecf77ccd7630e5fa3c78db6d30bf21dc84d0c602643a68e0b10e67824c161b198a8d1311ad34543ec5ec1c71008c86c21b71c9e05a417272 WHIRLPOOL 9c5f574e177e52cca80466f51a27fa6341c29db4970a70e0d9ab26a76e66328fac70c0ce99df63d2ed8ee26f6153da9f1a4a94c76f1a0aa792094e19e3524e00 +EBUILD freebsd-sources-9.1-r4.ebuild 2920 SHA256 64f1249af5127c53c25e571913e84cd9dad7bc346b03edc40b24d52ceb479e87 SHA512 de507f0c44d58751e92d109090edd7682bf3fe3888a3e03918e32a892cc2e66fa114479c6af144949d7ba70016f794da40a6e86e71d82cb148970e545552fe05 WHIRLPOOL 699fa4e2fc7fec9a65d7c0d40b47ec47706fb82a29ad6bd201217d90252e90bdeb4934b6655e9bd6cecafaa26398817ea74193fd8c3abc8a0db80017580965ad EBUILD freebsd-sources-9.2.ebuild 3142 SHA256 a2e5782e94e9a309f212e52c5b994a712a6f79da3593d61e23904ef5ecc8474b SHA512 15f64f50af66cee036a4de219642107364487e4873fed47583e47f45dbd4fb4eaac8a53459d12a4df21fad72bae7a76baf9b83c1a8fe72c77b3a6d9cf52193be WHIRLPOOL 0dd9e8a8a6798d78322b494ef289f64bd1e598d7c332f28fce58105ee79258dcfe58311d9a5db3a6c67b67a4e865d71b84d76fd3839dd69716bb41a04800b396 EBUILD freebsd-sources-9.2_rc1.ebuild 3146 SHA256 a5ff139aa2daf1ee0f7294195b26ac0e3b39c9bab9c25c3bcb2fa361a609bb9b SHA512 a2e9a234d522d858f1a0b5a6ffd26a4742319d36d6034bb2f1d79b343fdc3b67eddda62c38214760ca347a0308685526cbf45149d418bea2e2fe994efa58a30a WHIRLPOOL 02bb6b335165e85597f1227a63cdc55bc7df796819764a74623764e44ec09098cedec2750c3b21d053cfd36acf11eea2a0b19808c858afd4882d82947f2c33e3 EBUILD freebsd-sources-9.2_rc2.ebuild 3146 SHA256 c70294b76b6ee163b413eed0270bb53294c77d5015d2dabd4d526f49e2c67e7f SHA512 392af1b6eaef5b493ac9fc568a1fe4f067cd12e9bd45f2bf79fd5602cddc4ce7f7543dc243d556e4ecd35733cf5d68573562082c014175a33ea702094c2974f9 WHIRLPOOL db8f01671a1c248e68f1aafa3f814856ef986df06fe02952fff029b6b66f12602edcb962640a2e76574778d40e04ed6bdc822b7daf24d8f2946dc108b8a565d4 EBUILD freebsd-sources-9.2_rc3.ebuild 3146 SHA256 543d274c0ede9a96e3442cb5c4fe50990b60a5dfd8d597fb9eda9167ee79e38b SHA512 cd1c298137cc28237288e3a03f44a79e50685085784057491400db5fe2b2d3bf2d78f379b65ec7d196522a092c960675829f83ea25cf7fbae29a5ddbc1426e5a WHIRLPOOL f054a506e354216344b8dc3baccf18302267e0f5cbd1e8d3a1bb0749d94268bf157d05d07c6ac93dee20f11d4af6e5c1f76b6f3846fc21ab0c03dc02df0c70fb -MISC ChangeLog 25113 SHA256 2011ed119eb6a93916ba28d1e67b0b98444b98ff8d8239ad88623e8f977e63a4 SHA512 b3ce9b2fdd2001bec8d0549390ab872126cb372d833f7cdb1dee542ef1b43a6c5c8fd2c7d993b87f12c18147e1298216b63fe069baeff79efc06f47a3fc43b99 WHIRLPOOL fa656d40a7b5820a172105e03b9e4e5f1458f64f1798e5d74d9c95ad32bcf597f3dd349ec21821d8e37075c3b4ce3959f259736d57cb1de80beb34f7a77f47fb +MISC ChangeLog 25463 SHA256 3ba5be6f4fdd305b8d7b3d1e81cdd0b333d6ef6d3b0316503ca74b086987ba9c SHA512 1862b163b314c6b933286e290161083d626102a2d9b1f86e795eb4fbd8e8cd949feb6d2e770677d6daa602fb16fd38e4024f237d7a5fcef42ceda6d03e9bf2d1 WHIRLPOOL c6024eb8c1feb1770e855e76110622a8be86b06e12d3a37bae5de1753e199be65314ca23f7d83ec50c5e0e91b40fb735c958835585d874ae3699ff281ee40f79 MISC metadata.xml 315 SHA256 d827e7310cb93578d5712b15f74a56b5cd98854e350fbc29a17dad0222ee955e SHA512 f8dc2ef7a14a4c3c34136b313802e982d57c606d3aa47fc51c59cd3840ebb9df3db17f40176354348e154891027477f97da6d72a3723613334ffe7852ea5bbd3 WHIRLPOOL 88483c7555215eda8091f4adcd9148a1079307a7ada08f6caa45bb482aa6dbbee291c96e24b4a35f915c944803fafaed1a6a8c85fc899071eb9f577f4e80049c -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.22 (GNU/Linux) -iEYEAREIAAYFAlJ9/dQACgkQvFcC4BYPU0rIpgCgkhJ2i9J7nO5Kgwm4z7c0edA0 -+qUAoKpPlKTgxAHG5X/jZfzKl934I8yN -=1xuu +iQIcBAEBCAAGBQJSiESZAAoJEDYO1FT4VRUUx7kP/3XVMciEz6bMoFeHCf0FyHQ4 +6dInAQ/VOASDtp1RTurkfrmtv5ppeDdgUUZyUeSHLfkmtMWOv5dh9O/7uIJB2Ek2 +b2u6fTKyZN3o7FE9mzF1ji70FvttqJ0JdSwwyQy81iuAlFIhRPGPT490fjXTg5E0 +cPBG6NFIiDXlFffcgicfhbpLWcIkrlGWyX0FVkv8xOgeH8/YVPAr+5DYMfv+fmh0 +5lqB8B6ObmZ7BfwlnJke7y+DV55YBEm1aKuVes1cfaOQQcrTVllSrcwJEw07KC+O +QUNUMt2gm4Y7in/rJFt2YXiHT29eSZJBV2k5nkPyVp0/m21kOATgz48cOzEuSS6G +qv4VNqd/hb+lL5tga9H41vG0ZP8wmM6TQhsfV/i7v2rrrWgI5KI777tmdXD+EQ18 +oJud9OMOZ7iToD+1S//TyJy11lqtsLEAHabxQXI+jcYhpZ71mqybGyNy3qU8lFSV +IPtOhcZ1zPKHtXo2qWTm9x+RJHYXHD28Jy+9qdRZJ07nUQEZZXU7u9ZnAXdRUDry +jSwNqO8EbcmSNmXJuhnXHG4Dejr+Hg5R5eBTnt1MELn2S439+ERf7rTWNLdB3Wb+ +49Kn/faezWmH61VdIQIBgkFvBe4gQ8lwsLUTjxLILf+93k1QevZ7SCS4teshTwGc +exRbDZNH2qelDqzwoBYy +=9Mf+ -----END PGP SIGNATURE----- diff --git a/sys-freebsd/freebsd-sources/files/freebsd-sources-9.1-cve-2013-3077.patch b/sys-freebsd/freebsd-sources/files/freebsd-sources-9.1-cve-2013-3077.patch new file mode 100644 index 000000000000..23f68ed9c3db --- /dev/null +++ b/sys-freebsd/freebsd-sources/files/freebsd-sources-9.1-cve-2013-3077.patch @@ -0,0 +1,26 @@ +Index: sys/netinet/in_mcast.c +=================================================================== +--- sys/netinet/in_mcast.c (revision 254252) ++++ sys/netinet/in_mcast.c (working copy) +@@ -1648,6 +1648,8 @@ + * has asked for, but we always tell userland how big the + * buffer really needs to be. + */ ++ if (msfr.msfr_nsrcs > in_mcast_maxsocksrc) ++ msfr.msfr_nsrcs = in_mcast_maxsocksrc; + tss = NULL; + if (msfr.msfr_srcs != NULL && msfr.msfr_nsrcs > 0) { + tss = malloc(sizeof(struct sockaddr_storage) * msfr.msfr_nsrcs, +Index: sys/netinet6/in6_mcast.c +=================================================================== +--- sys/netinet6/in6_mcast.c (revision 254252) ++++ sys/netinet6/in6_mcast.c (working copy) +@@ -1625,6 +1625,8 @@ + * has asked for, but we always tell userland how big the + * buffer really needs to be. + */ ++ if (msfr.msfr_nsrcs > in6_mcast_maxsocksrc) ++ msfr.msfr_nsrcs = in6_mcast_maxsocksrc; + tss = NULL; + if (msfr.msfr_srcs != NULL && msfr.msfr_nsrcs > 0) { + tss = malloc(sizeof(struct sockaddr_storage) * msfr.msfr_nsrcs, diff --git a/sys-freebsd/freebsd-sources/files/freebsd-sources-9.1-cve-2013-5209.patch b/sys-freebsd/freebsd-sources/files/freebsd-sources-9.1-cve-2013-5209.patch new file mode 100644 index 000000000000..e6710e3bcb8b --- /dev/null +++ b/sys-freebsd/freebsd-sources/files/freebsd-sources-9.1-cve-2013-5209.patch @@ -0,0 +1,19 @@ +Index: sys/netinet/sctp_output.c +=================================================================== +--- sys/netinet/sctp_output.c (revision 254337) ++++ sys/netinet/sctp_output.c (revision 254338) +@@ -5406,6 +5406,14 @@ + } + SCTP_BUF_LEN(m) = sizeof(struct sctp_init_chunk); + ++ /* ++ * We might not overwrite the identification[] completely and on ++ * some platforms time_entered will contain some padding. Therefore ++ * zero out the cookie to avoid putting uninitialized memory on the ++ * wire. ++ */ ++ memset(&stc, 0, sizeof(struct sctp_state_cookie)); ++ + /* the time I built cookie */ + (void)SCTP_GETTIME_TIMEVAL(&stc.time_entered); + diff --git a/sys-freebsd/freebsd-sources/files/freebsd-sources-9.1-cve-2013-5691.patch b/sys-freebsd/freebsd-sources/files/freebsd-sources-9.1-cve-2013-5691.patch new file mode 100644 index 000000000000..9aef1503f770 --- /dev/null +++ b/sys-freebsd/freebsd-sources/files/freebsd-sources-9.1-cve-2013-5691.patch @@ -0,0 +1,89 @@ +Index: sys/net/if.c +=================================================================== +--- sys/net/if.c (revision 254941) ++++ sys/net/if.c (working copy) +@@ -2553,11 +2553,23 @@ + CURVNET_RESTORE(); + return (EOPNOTSUPP); + } ++ ++ /* ++ * Pass the request on to the socket control method, and if the ++ * latter returns EOPNOTSUPP, directly to the interface. ++ * ++ * Make an exception for the legacy SIOCSIF* requests. Drivers ++ * trust SIOCSIFADDR et al to come from an already privileged ++ * layer, and do not perform any credentials checks or input ++ * validation. ++ */ + #ifndef COMPAT_43 + error = ((*so->so_proto->pr_usrreqs->pru_control)(so, cmd, + data, + ifp, td)); +- if (error == EOPNOTSUPP && ifp != NULL && ifp->if_ioctl != NULL) ++ if (error == EOPNOTSUPP && ifp != NULL && ifp->if_ioctl != NULL && ++ cmd != SIOCSIFADDR && cmd != SIOCSIFBRDADDR && ++ cmd != SIOCSIFDSTADDR && cmd != SIOCSIFNETMASK) + error = (*ifp->if_ioctl)(ifp, cmd, data); + #else + { +@@ -2601,7 +2613,9 @@ + data, + ifp, td)); + if (error == EOPNOTSUPP && ifp != NULL && +- ifp->if_ioctl != NULL) ++ ifp->if_ioctl != NULL && ++ cmd != SIOCSIFADDR && cmd != SIOCSIFBRDADDR && ++ cmd != SIOCSIFDSTADDR && cmd != SIOCSIFNETMASK) + error = (*ifp->if_ioctl)(ifp, cmd, data); + switch (ocmd) { + +Index: sys/netinet6/in6.c +=================================================================== +--- sys/netinet6/in6.c (revision 254941) ++++ sys/netinet6/in6.c (working copy) +@@ -431,6 +431,18 @@ + case SIOCGIFSTAT_ICMP6: + sa6 = &ifr->ifr_addr; + break; ++ case SIOCSIFADDR: ++ case SIOCSIFBRDADDR: ++ case SIOCSIFDSTADDR: ++ case SIOCSIFNETMASK: ++ /* ++ * Although we should pass any non-INET6 ioctl requests ++ * down to driver, we filter some legacy INET requests. ++ * Drivers trust SIOCSIFADDR et al to come from an already ++ * privileged layer, and do not perform any credentials ++ * checks or input validation. ++ */ ++ return (EINVAL); + default: + sa6 = NULL; + break; +Index: sys/netnatm/natm.c +=================================================================== +--- sys/netnatm/natm.c (revision 254941) ++++ sys/netnatm/natm.c (working copy) +@@ -339,6 +339,21 @@ + npcb = (struct natmpcb *)so->so_pcb; + KASSERT(npcb != NULL, ("natm_usr_control: npcb == NULL")); + ++ switch (cmd) { ++ case SIOCSIFADDR: ++ case SIOCSIFBRDADDR: ++ case SIOCSIFDSTADDR: ++ case SIOCSIFNETMASK: ++ /* ++ * Although we should pass any non-ATM ioctl requests ++ * down to driver, we filter some legacy INET requests. ++ * Drivers trust SIOCSIFADDR et al to come from an already ++ * privileged layer, and do not perform any credentials ++ * checks or input validation. ++ */ ++ return (EINVAL); ++ } ++ + if (ifp == NULL || ifp->if_ioctl == NULL) + return (EOPNOTSUPP); + return ((*ifp->if_ioctl)(ifp, cmd, arg)); diff --git a/sys-freebsd/freebsd-sources/files/freebsd-sources-9.1-cve-2013-5710.patch b/sys-freebsd/freebsd-sources/files/freebsd-sources-9.1-cve-2013-5710.patch new file mode 100644 index 000000000000..83f30e84fe9e --- /dev/null +++ b/sys-freebsd/freebsd-sources/files/freebsd-sources-9.1-cve-2013-5710.patch @@ -0,0 +1,28 @@ +Index: sys/fs/nullfs/null_vnops.c +=================================================================== +--- sys/fs/nullfs/null_vnops.c (revision 254941) ++++ sys/fs/nullfs/null_vnops.c (working copy) +@@ -858,6 +858,15 @@ + return (error); + } + ++static int ++null_link(struct vop_link_args *ap) ++{ ++ ++ if (ap->a_tdvp->v_mount != ap->a_vp->v_mount) ++ return (EXDEV); ++ return (null_bypass((struct vop_generic_args *)ap)); ++} ++ + /* + * Global vfs data structures + */ +@@ -871,6 +880,7 @@ + .vop_getwritemount = null_getwritemount, + .vop_inactive = null_inactive, + .vop_islocked = vop_stdislocked, ++ .vop_link = null_link, + .vop_lock1 = null_lock, + .vop_lookup = null_lookup, + .vop_open = null_open, diff --git a/sys-freebsd/freebsd-sources/freebsd-sources-9.1-r4.ebuild b/sys-freebsd/freebsd-sources/freebsd-sources-9.1-r4.ebuild new file mode 100644 index 000000000000..e84e8de60d4d --- /dev/null +++ b/sys-freebsd/freebsd-sources/freebsd-sources-9.1-r4.ebuild @@ -0,0 +1,90 @@ +# Copyright 1999-2013 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Header: /var/cvsroot/gentoo-x86/sys-freebsd/freebsd-sources/freebsd-sources-9.1-r4.ebuild,v 1.1 2013/11/17 04:22:40 naota Exp $ + +inherit bsdmk freebsd flag-o-matic + +DESCRIPTION="FreeBSD kernel sources" +SLOT="${RV}" +KEYWORDS="~amd64-fbsd ~sparc-fbsd ~x86-fbsd" + +IUSE="symlink" + +SRC_URI="mirror://gentoo/${SYS}.tar.bz2 + http://dev.gentoo.org/~naota/patch/${P}-en-13-03.patch" + +RDEPEND="=sys-freebsd/freebsd-mk-defs-${RV}*" +DEPEND="" + +RESTRICT="strip binchecks" + +S="${WORKDIR}/sys" + +PATCHES=( "${FILESDIR}/${PN}-9.0-disable-optimization.patch" + "${FILESDIR}/${PN}-9.1-gentoo.patch" + "${FILESDIR}/${PN}-6.0-flex-2.5.31.patch" + "${FILESDIR}/${PN}-6.1-ntfs.patch" + "${FILESDIR}/${PN}-7.1-types.h-fix.patch" + "${FILESDIR}/${PN}-8.0-subnet-route-pr40133.patch" + "${FILESDIR}/${PN}-7.1-includes.patch" + "${FILESDIR}/${PN}-9.0-sysctluint.patch" + "${FILESDIR}/${PN}-7.0-tmpfs_whiteout_stub.patch" + "${FILESDIR}/${PN}-9.1-cve-2013-3266.patch" + "${FILESDIR}/${PN}-9.1-mmap.patch" + "${FILESDIR}/${PN}-9.1-nfsserver.patch" + "${DISTDIR}/${PN}-9.1-en-13-03.patch" + "${FILESDIR}/${PN}-9.1-cve-2013-3077.patch" + "${FILESDIR}/${PN}-9.1-cve-2013-5209.patch" + "${FILESDIR}/${PN}-9.1-cve-2013-5691.patch" + "${FILESDIR}/${PN}-9.1-cve-2013-5710.patch" ) + +src_unpack() { + freebsd_src_unpack + + # This replaces the gentoover patch, it doesn't need reapply every time. + sed -i -e 's:^REVISION=.*:REVISION="'${PVR}'":' \ + -e 's:^BRANCH=.*:BRANCH="Gentoo":' \ + -e 's:^VERSION=.*:VERSION="${TYPE} ${BRANCH} ${REVISION}":' \ + "${S}/conf/newvers.sh" + + # __FreeBSD_cc_version comes from FreeBSD's gcc. + # on 9.0-RELEASE it's 900001. + sed -e "s:-D_KERNEL:-D_KERNEL -D__FreeBSD_cc_version=900001:g" \ + -i "${S}/conf/kern.pre.mk" \ + -i "${S}/conf/kmod.mk" || die "Couldn't set __FreeBSD_cc_version" + + # Remove -Werror + sed -e "s:-Werror:-Wno-error:g" \ + -i "${S}/conf/kern.pre.mk" \ + -i "${S}/conf/kmod.mk" || die +} + +src_compile() { + einfo "Nothing to compile.." +} + +src_install() { + insinto "/usr/src/sys-${RV}" + doins -r "${S}/"* +} + +pkg_postinst() { + if [[ ! -L "${ROOT}/usr/src/sys" ]]; then + einfo "/usr/src/sys symlink doesn't exist; creating symlink to sys-${RV}..." + ln -sf "sys-${RV}" "${ROOT}/usr/src/sys" || \ + eerror "Couldn't create ${ROOT}/usr/src/sys symlink." + elif use symlink; then + einfo "Updating /usr/src/sys symlink to sys-${RV}..." + rm "${ROOT}/usr/src/sys" || \ + eerror "Couldn't remove previous symlinks, please fix manually." + ln -sf "sys-${RV}" "${ROOT}/usr/src/sys" || \ + eerror "Couldn't create ${ROOT}/usr/src/sys symlink." + fi + + if use sparc-fbsd ; then + ewarn "WARNING: kldload currently causes kernel panics" + ewarn "on sparc64. This is probably a gcc-4.1 issue, but" + ewarn "we need gcc-4.1 to compile the kernel correctly :/" + ewarn "Please compile all modules you need into the kernel" + fi +} -- cgit v1.2.3-65-gdbad