diff options
author | Michał Górny <mgorny@gentoo.org> | 2015-05-24 08:45:46 +0000 |
---|---|---|
committer | Michał Górny <mgorny@gentoo.org> | 2015-05-24 08:45:46 +0000 |
commit | 1417b8d2a3992e48cb9b5fb8733fac8b2ab19d37 (patch) | |
tree | a3c4d7eeb3252859d66107a2c8502b8357e5b1a5 | |
parent | drop old (diff) | |
download | gentoo-2-1417b8d2a3992e48cb9b5fb8733fac8b2ab19d37.tar.gz gentoo-2-1417b8d2a3992e48cb9b5fb8733fac8b2ab19d37.tar.bz2 gentoo-2-1417b8d2a3992e48cb9b5fb8733fac8b2ab19d37.zip |
Fix FreeBSD Errata. Fix build failure with USE=zfs, reported by NP-Hardass. https://github.com/gentoo/gentoo-portage-rsync-mirror/pull/121 by nigoro.
(Portage version: 2.2.20/cvs/Linux x86_64, signed Manifest commit with key EFB4464E!)
-rw-r--r-- | sys-freebsd/freebsd-sources/ChangeLog | 13 | ||||
-rw-r--r-- | sys-freebsd/freebsd-sources/files/freebsd-sources-10.1-cve-2014-8612.patch | 45 | ||||
-rw-r--r-- | sys-freebsd/freebsd-sources/files/freebsd-sources-10.1-cve-2014-8613.patch | 119 | ||||
-rw-r--r-- | sys-freebsd/freebsd-sources/files/freebsd-sources-10.1-cve-2015-1414.patch | 15 | ||||
-rw-r--r-- | sys-freebsd/freebsd-sources/files/freebsd-sources-10.1-cve-2015-2923.patch | 23 | ||||
-rw-r--r-- | sys-freebsd/freebsd-sources/files/freebsd-sources-10.1-en-1501-vt.patch | 34 | ||||
-rw-r--r-- | sys-freebsd/freebsd-sources/freebsd-sources-10.1-r3.ebuild (renamed from sys-freebsd/freebsd-sources/freebsd-sources-10.1-r2.ebuild) | 41 |
7 files changed, 43 insertions, 247 deletions
diff --git a/sys-freebsd/freebsd-sources/ChangeLog b/sys-freebsd/freebsd-sources/ChangeLog index fb5f038f2fde..b948ea8743b8 100644 --- a/sys-freebsd/freebsd-sources/ChangeLog +++ b/sys-freebsd/freebsd-sources/ChangeLog @@ -1,6 +1,17 @@ # ChangeLog for sys-freebsd/freebsd-sources # Copyright 1999-2015 Gentoo Foundation; Distributed under the GPL v2 -# $Header: /var/cvsroot/gentoo-x86/sys-freebsd/freebsd-sources/ChangeLog,v 1.110 2015/04/10 13:34:44 mgorny Exp $ +# $Header: /var/cvsroot/gentoo-x86/sys-freebsd/freebsd-sources/ChangeLog,v 1.111 2015/05/24 08:45:46 mgorny Exp $ + +*freebsd-sources-10.1-r3 (24 May 2015) + + 24 May 2015; Michał Górny <mgorny@gentoo.org> +freebsd-sources-10.1-r3.ebuild, + -files/freebsd-sources-10.1-cve-2014-8612.patch, + -files/freebsd-sources-10.1-cve-2014-8613.patch, + -files/freebsd-sources-10.1-cve-2015-1414.patch, + -files/freebsd-sources-10.1-cve-2015-2923.patch, + -files/freebsd-sources-10.1-en-1501-vt.patch, -freebsd-sources-10.1-r2.ebuild: + Fix FreeBSD Errata. Fix build failure with USE=zfs, reported by NP-Hardass. + https://github.com/gentoo/gentoo-portage-rsync-mirror/pull/121 by nigoro. *freebsd-sources-10.1-r2 (10 Apr 2015) diff --git a/sys-freebsd/freebsd-sources/files/freebsd-sources-10.1-cve-2014-8612.patch b/sys-freebsd/freebsd-sources/files/freebsd-sources-10.1-cve-2014-8612.patch deleted file mode 100644 index 7c615d3682b2..000000000000 --- a/sys-freebsd/freebsd-sources/files/freebsd-sources-10.1-cve-2014-8612.patch +++ /dev/null @@ -1,45 +0,0 @@ -Index: sys/netinet/sctp_usrreq.c -=================================================================== ---- sys/netinet/sctp_usrreq.c (revision 277788) -+++ sys/netinet/sctp_usrreq.c (working copy) -@@ -1863,8 +1863,9 @@ flags_out: - SCTP_CHECK_AND_CAST(av, optval, struct sctp_stream_value, *optsize); - SCTP_FIND_STCB(inp, stcb, av->assoc_id); - if (stcb) { -- if (stcb->asoc.ss_functions.sctp_ss_get_value(stcb, &stcb->asoc, &stcb->asoc.strmout[av->stream_id], -- &av->stream_value) < 0) { -+ if ((av->stream_id >= stcb->asoc.streamoutcnt) || -+ (stcb->asoc.ss_functions.sctp_ss_get_value(stcb, &stcb->asoc, &stcb->asoc.strmout[av->stream_id], -+ &av->stream_value) < 0)) { - SCTP_LTRACE_ERR_RET(inp, NULL, NULL, SCTP_FROM_SCTP_USRREQ, EINVAL); - error = EINVAL; - } else { -@@ -4032,8 +4033,9 @@ sctp_setopt(struct socket *so, int optname, void * - SCTP_CHECK_AND_CAST(av, optval, struct sctp_stream_value, optsize); - SCTP_FIND_STCB(inp, stcb, av->assoc_id); - if (stcb) { -- if (stcb->asoc.ss_functions.sctp_ss_set_value(stcb, &stcb->asoc, &stcb->asoc.strmout[av->stream_id], -- av->stream_value) < 0) { -+ if ((av->stream_id >= stcb->asoc.streamoutcnt) || -+ (stcb->asoc.ss_functions.sctp_ss_set_value(stcb, &stcb->asoc, &stcb->asoc.strmout[av->stream_id], -+ av->stream_value) < 0)) { - SCTP_LTRACE_ERR_RET(inp, NULL, NULL, SCTP_FROM_SCTP_USRREQ, EINVAL); - error = EINVAL; - } -@@ -4043,10 +4045,12 @@ sctp_setopt(struct socket *so, int optname, void * - SCTP_INP_RLOCK(inp); - LIST_FOREACH(stcb, &inp->sctp_asoc_list, sctp_tcblist) { - SCTP_TCB_LOCK(stcb); -- stcb->asoc.ss_functions.sctp_ss_set_value(stcb, -- &stcb->asoc, -- &stcb->asoc.strmout[av->stream_id], -- av->stream_value); -+ if (av->stream_id < stcb->asoc.streamoutcnt) { -+ stcb->asoc.ss_functions.sctp_ss_set_value(stcb, -+ &stcb->asoc, -+ &stcb->asoc.strmout[av->stream_id], -+ av->stream_value); -+ } - SCTP_TCB_UNLOCK(stcb); - } - SCTP_INP_RUNLOCK(inp); diff --git a/sys-freebsd/freebsd-sources/files/freebsd-sources-10.1-cve-2014-8613.patch b/sys-freebsd/freebsd-sources/files/freebsd-sources-10.1-cve-2014-8613.patch deleted file mode 100644 index 1e2fe912335c..000000000000 --- a/sys-freebsd/freebsd-sources/files/freebsd-sources-10.1-cve-2014-8613.patch +++ /dev/null @@ -1,119 +0,0 @@ -Index: sys/netinet/sctp_input.c -=================================================================== ---- sys/netinet/sctp_input.c (revision 277788) -+++ sys/netinet/sctp_input.c (working copy) -@@ -3649,6 +3649,9 @@ sctp_handle_stream_reset_response(struct sctp_tcb - /* huh ? */ - return (0); - } -+ if (ntohs(respin->ph.param_length) < sizeof(struct sctp_stream_reset_response_tsn)) { -+ return (0); -+ } - if (action == SCTP_STREAM_RESET_RESULT_PERFORMED) { - resp = (struct sctp_stream_reset_response_tsn *)respin; - asoc->stream_reset_outstanding--; -@@ -4037,7 +4040,7 @@ __attribute__((noinline)) - sctp_handle_stream_reset(struct sctp_tcb *stcb, struct mbuf *m, int offset, - struct sctp_chunkhdr *ch_req) - { -- int chk_length, param_len, ptype; -+ uint16_t remaining_length, param_len, ptype; - struct sctp_paramhdr pstore; - uint8_t cstore[SCTP_CHUNK_BUFFER_SIZE]; - uint32_t seq = 0; -@@ -4050,7 +4053,7 @@ __attribute__((noinline)) - int num_param = 0; - - /* now it may be a reset or a reset-response */ -- chk_length = ntohs(ch_req->chunk_length); -+ remaining_length = ntohs(ch_req->chunk_length) - sizeof(struct sctp_chunkhdr); - - /* setup for adding the response */ - sctp_alloc_a_chunk(stcb, chk); -@@ -4088,20 +4091,27 @@ strres_nochunk: - ch->chunk_length = htons(chk->send_size); - SCTP_BUF_LEN(chk->data) = SCTP_SIZE32(chk->send_size); - offset += sizeof(struct sctp_chunkhdr); -- while ((size_t)chk_length >= sizeof(struct sctp_stream_reset_tsn_request)) { -+ while (remaining_length >= sizeof(struct sctp_paramhdr)) { - ph = (struct sctp_paramhdr *)sctp_m_getptr(m, offset, sizeof(pstore), (uint8_t *) & pstore); -- if (ph == NULL) -+ if (ph == NULL) { -+ /* TSNH */ - break; -+ } - param_len = ntohs(ph->param_length); -- if (param_len < (int)sizeof(struct sctp_stream_reset_tsn_request)) { -- /* bad param */ -+ if ((param_len > remaining_length) || -+ (param_len < (sizeof(struct sctp_paramhdr) + sizeof(uint32_t)))) { -+ /* bad parameter length */ - break; - } -- ph = (struct sctp_paramhdr *)sctp_m_getptr(m, offset, min(param_len, (int)sizeof(cstore)), -+ ph = (struct sctp_paramhdr *)sctp_m_getptr(m, offset, min(param_len, sizeof(cstore)), - (uint8_t *) & cstore); -+ if (ph == NULL) { -+ /* TSNH */ -+ break; -+ } - ptype = ntohs(ph->param_type); - num_param++; -- if (param_len > (int)sizeof(cstore)) { -+ if (param_len > sizeof(cstore)) { - trunc = 1; - } else { - trunc = 0; -@@ -4113,6 +4123,9 @@ strres_nochunk: - if (ptype == SCTP_STR_RESET_OUT_REQUEST) { - struct sctp_stream_reset_out_request *req_out; - -+ if (param_len < sizeof(struct sctp_stream_reset_out_request)) { -+ break; -+ } - req_out = (struct sctp_stream_reset_out_request *)ph; - num_req++; - if (stcb->asoc.stream_reset_outstanding) { -@@ -4126,6 +4139,9 @@ strres_nochunk: - } else if (ptype == SCTP_STR_RESET_ADD_OUT_STREAMS) { - struct sctp_stream_reset_add_strm *str_add; - -+ if (param_len < sizeof(struct sctp_stream_reset_add_strm)) { -+ break; -+ } - str_add = (struct sctp_stream_reset_add_strm *)ph; - num_req++; - sctp_handle_str_reset_add_strm(stcb, chk, str_add); -@@ -4132,6 +4148,9 @@ strres_nochunk: - } else if (ptype == SCTP_STR_RESET_ADD_IN_STREAMS) { - struct sctp_stream_reset_add_strm *str_add; - -+ if (param_len < sizeof(struct sctp_stream_reset_add_strm)) { -+ break; -+ } - str_add = (struct sctp_stream_reset_add_strm *)ph; - num_req++; - sctp_handle_str_reset_add_out_strm(stcb, chk, str_add); -@@ -4156,6 +4175,9 @@ strres_nochunk: - struct sctp_stream_reset_response *resp; - uint32_t result; - -+ if (param_len < sizeof(struct sctp_stream_reset_response)) { -+ break; -+ } - resp = (struct sctp_stream_reset_response *)ph; - seq = ntohl(resp->response_seq); - result = ntohl(resp->result); -@@ -4167,7 +4189,11 @@ strres_nochunk: - break; - } - offset += SCTP_SIZE32(param_len); -- chk_length -= SCTP_SIZE32(param_len); -+ if (remaining_length >= SCTP_SIZE32(param_len)) { -+ remaining_length -= SCTP_SIZE32(param_len); -+ } else { -+ remaining_length = 0; -+ } - } - if (num_req == 0) { - /* we have no response free the stuff */ diff --git a/sys-freebsd/freebsd-sources/files/freebsd-sources-10.1-cve-2015-1414.patch b/sys-freebsd/freebsd-sources/files/freebsd-sources-10.1-cve-2015-1414.patch deleted file mode 100644 index eeb65e04147e..000000000000 --- a/sys-freebsd/freebsd-sources/files/freebsd-sources-10.1-cve-2015-1414.patch +++ /dev/null @@ -1,15 +0,0 @@ -Index: sys/netinet/igmp.c -=================================================================== ---- sys/netinet/igmp.c (revision 278973) -+++ sys/netinet/igmp.c (working copy) -@@ -1533,8 +1533,8 @@ igmp_input(struct mbuf *m, int off) - case IGMP_VERSION_3: { - struct igmpv3 *igmpv3; - uint16_t igmpv3len; -- uint16_t srclen; -- int nsrc; -+ uint16_t nsrc; -+ int srclen; - - IGMPSTAT_INC(igps_rcv_v3_queries); - igmpv3 = (struct igmpv3 *)igmp; diff --git a/sys-freebsd/freebsd-sources/files/freebsd-sources-10.1-cve-2015-2923.patch b/sys-freebsd/freebsd-sources/files/freebsd-sources-10.1-cve-2015-2923.patch deleted file mode 100644 index 430e1b192ab1..000000000000 --- a/sys-freebsd/freebsd-sources/files/freebsd-sources-10.1-cve-2015-2923.patch +++ /dev/null @@ -1,23 +0,0 @@ -Index: sys/netinet6/nd6_rtr.c -=================================================================== ---- sys/netinet6/nd6_rtr.c (revision 280920) -+++ sys/netinet6/nd6_rtr.c (working copy) -@@ -296,8 +296,16 @@ nd6_ra_input(struct mbuf *m, int off, int icmp6len - } - if (nd_ra->nd_ra_retransmit) - ndi->retrans = ntohl(nd_ra->nd_ra_retransmit); -- if (nd_ra->nd_ra_curhoplimit) -- ndi->chlim = nd_ra->nd_ra_curhoplimit; -+ if (nd_ra->nd_ra_curhoplimit) { -+ if (ndi->chlim < nd_ra->nd_ra_curhoplimit) -+ ndi->chlim = nd_ra->nd_ra_curhoplimit; -+ else if (ndi->chlim != nd_ra->nd_ra_curhoplimit) { -+ log(LOG_ERR, "RA with a lower CurHopLimit sent from " -+ "%s on %s (current = %d, received = %d). " -+ "Ignored.\n", ip6_sprintf(ip6bufs, &ip6->ip6_src), -+ if_name(ifp), ndi->chlim, nd_ra->nd_ra_curhoplimit); -+ } -+ } - dr = defrtrlist_update(&dr0); - } - diff --git a/sys-freebsd/freebsd-sources/files/freebsd-sources-10.1-en-1501-vt.patch b/sys-freebsd/freebsd-sources/files/freebsd-sources-10.1-en-1501-vt.patch deleted file mode 100644 index ef2d235240f3..000000000000 --- a/sys-freebsd/freebsd-sources/files/freebsd-sources-10.1-en-1501-vt.patch +++ /dev/null @@ -1,34 +0,0 @@ -Index: sys/dev/vt/vt_core.c -=================================================================== ---- sys/dev/vt/vt_core.c (revision 278106) -+++ sys/dev/vt/vt_core.c (working copy) -@@ -1719,14 +1719,16 @@ skip_thunk: - } - VT_UNLOCK(vd); - return (EINVAL); -- case VT_WAITACTIVE: -+ case VT_WAITACTIVE: { -+ unsigned int idx; -+ - error = 0; - -- i = *(unsigned int *)data; -- if (i > VT_MAXWINDOWS) -+ idx = *(unsigned int *)data; -+ if (idx > VT_MAXWINDOWS) - return (EINVAL); -- if (i != 0) -- vw = vd->vd_windows[i - 1]; -+ if (idx > 0) -+ vw = vd->vd_windows[idx - 1]; - - VT_LOCK(vd); - while (vd->vd_curwindow != vw && error == 0) -@@ -1733,6 +1735,7 @@ skip_thunk: - error = cv_wait_sig(&vd->vd_winswitch, &vd->vd_lock); - VT_UNLOCK(vd); - return (error); -+ } - case VT_SETMODE: { /* set screen switcher mode */ - struct vt_mode *mode; - struct proc *p1; diff --git a/sys-freebsd/freebsd-sources/freebsd-sources-10.1-r2.ebuild b/sys-freebsd/freebsd-sources/freebsd-sources-10.1-r3.ebuild index ed7b2632bbc9..961c043b092b 100644 --- a/sys-freebsd/freebsd-sources/freebsd-sources-10.1-r2.ebuild +++ b/sys-freebsd/freebsd-sources/freebsd-sources-10.1-r3.ebuild @@ -1,6 +1,6 @@ # Copyright 1999-2015 Gentoo Foundation # Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvsroot/gentoo-x86/sys-freebsd/freebsd-sources/freebsd-sources-10.1-r2.ebuild,v 1.1 2015/04/10 13:34:44 mgorny Exp $ +# $Header: /var/cvsroot/gentoo-x86/sys-freebsd/freebsd-sources/freebsd-sources-10.1-r3.ebuild,v 1.1 2015/05/24 08:45:46 mgorny Exp $ EAPI=5 @@ -11,11 +11,22 @@ SLOT="0" IUSE="+build-kernel debug dtrace profile zfs" +# Security Advisory and Errata patches. +UPSTREAM_PATCHES=( "SA-15:02/sctp.patch" + "SA-15:03/sctp.patch" + "SA-15:04/igmp.patch" + "SA-15:04/igmp-errata.patch" + "SA-15:09/ipv6.patch" + "EN-15:01/vt.patch" + "EN-15:05/ufs.patch" ) + if [[ ${PV} != *9999* ]]; then KEYWORDS="~amd64-fbsd ~sparc-fbsd ~x86-fbsd" SRC_URI="http://dev.gentoo.org/~mgorny/dist/freebsd/${RV}/${SYS}.tar.xz http://dev.gentoo.org/~mgorny/dist/freebsd/${RV}/${CONTRIB}.tar.xz - http://dev.gentoo.org/~mgorny/dist/freebsd/${RV}/${UBIN}.tar.xz" + http://dev.gentoo.org/~mgorny/dist/freebsd/${RV}/${UBIN}.tar.xz + zfs? ( http://dev.gentoo.org/~mgorny/dist/freebsd/${RV}/${CDDL}.tar.xz ) + $(freebsd_upstream_patches)" fi RDEPEND="dtrace? ( >=sys-freebsd/freebsd-cddl-9.2_rc1 ) @@ -45,13 +56,6 @@ PATCHES=( "${FILESDIR}/${PN}-9.0-disable-optimization.patch" "${FILESDIR}/${PN}-9.0-sysctluint.patch" "${FILESDIR}/${PN}-9.2-gentoo-gcc.patch" ) -# Fix Security Advisory and Errata. -PATCHES+=( "${FILESDIR}/${PN}-10.1-cve-2014-8612.patch" - "${FILESDIR}/${PN}-10.1-cve-2014-8613.patch" - "${FILESDIR}/${PN}-10.1-cve-2015-1414.patch" - "${FILESDIR}/${PN}-10.1-cve-2015-2923.patch" - "${FILESDIR}/${PN}-10.1-en-1501-vt.patch" ) - pkg_setup() { # Force set CC=clang. when using gcc, aesni fails to build. use sparc-fbsd || export CC=clang @@ -120,7 +124,11 @@ src_install() { fi insinto "/usr/src/sys" - doins -r "${S}/"* + doins -r "${S}/". + if use zfs ; then + insinto "/usr/src/cddl" + doins -r "${WORKDIR}/cddl/". + fi } pkg_preinst() { @@ -135,4 +143,17 @@ pkg_preinst() { ewarn "we need gcc-4.1 to compile the kernel correctly :/" ewarn "Please compile all modules you need into the kernel" fi + + ewarn "If you want manual compile (not recommended), please don't forget the following step." + if ! use sparc-fbsd ; then + ewarn "export CC=clang" + ewarn "export CXX=clang++" + fi + if ! use zfs ; then + ewarn "export WITHOUT_CDDL=" + ewarn "Note, Please set USE=zfs if you want to enable modules of CDDL license." + fi + if ! use dtrace && ! has_version '>=sys-freebsd/freebsd-cddl-9.2_beta1' ; then + ewarn "GENERIC config require sys-freebsd/freebsd-cddl. Please emerge it." + fi } |