Apply a fix for FreeBSD-SA-15:09.ipv6. https://github.com/gentoo/gentoo-portage-rsync-mirror/pull/91 by nigoro.

(Portage version: 2.2.18/cvs/Linux x86_64, signed Manifest commit with key EFB4464E!)

3 files changed, 38 insertions, 4 deletions

diff --git a/sys-freebsd/freebsd-sources/ChangeLog b/sys-freebsd/freebsd-sources/ChangeLog
index 58ae308345d8..fb5f038f2fde 100644
--- a/sys-freebsd/freebsd-sources/ChangeLog
+++ b/sys-freebsd/freebsd-sources/ChangeLog
@@ -1,6 +1,14 @@
 # ChangeLog for sys-freebsd/freebsd-sources
 # Copyright 1999-2015 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/sys-freebsd/freebsd-sources/ChangeLog,v 1.109 2015/03/15 18:06:56 mgorny Exp $
+# $Header: /var/cvsroot/gentoo-x86/sys-freebsd/freebsd-sources/ChangeLog,v 1.110 2015/04/10 13:34:44 mgorny Exp $
+
+*freebsd-sources-10.1-r2 (10 Apr 2015)
+
+  10 Apr 2015; Michał Górny <mgorny@gentoo.org>
+  +files/freebsd-sources-10.1-cve-2015-2923.patch,
+  +freebsd-sources-10.1-r2.ebuild, -freebsd-sources-10.1-r1.ebuild:
+  Apply a fix for FreeBSD-SA-15:09.ipv6. https://github.com/gentoo/gentoo-
+  portage-rsync-mirror/pull/91 by nigoro.
 
   15 Mar 2015; Michał Górny <mgorny@gentoo.org> freebsd-sources-10.1-r1.ebuild:
   Support upgrades from 9.x. https://github.com/gentoo/gentoo-portage-rsync-
diff --git a/sys-freebsd/freebsd-sources/files/freebsd-sources-10.1-cve-2015-2923.patch b/sys-freebsd/freebsd-sources/files/freebsd-sources-10.1-cve-2015-2923.patch
new file mode 100644
index 000000000000..430e1b192ab1
--- /dev/null
+++ b/sys-freebsd/freebsd-sources/files/freebsd-sources-10.1-cve-2015-2923.patch
@@ -0,0 +1,23 @@
+Index: sys/netinet6/nd6_rtr.c
+===================================================================
+--- sys/netinet6/nd6_rtr.c	(revision 280920)
++++ sys/netinet6/nd6_rtr.c	(working copy)
+@@ -296,8 +296,16 @@ nd6_ra_input(struct mbuf *m, int off, int icmp6len
+ 	}
+ 	if (nd_ra->nd_ra_retransmit)
+ 		ndi->retrans = ntohl(nd_ra->nd_ra_retransmit);
+-	if (nd_ra->nd_ra_curhoplimit)
+-		ndi->chlim = nd_ra->nd_ra_curhoplimit;
++	if (nd_ra->nd_ra_curhoplimit) {
++		if (ndi->chlim < nd_ra->nd_ra_curhoplimit)
++			ndi->chlim = nd_ra->nd_ra_curhoplimit;
++		else if (ndi->chlim != nd_ra->nd_ra_curhoplimit) {
++			log(LOG_ERR, "RA with a lower CurHopLimit sent from "
++			    "%s on %s (current = %d, received = %d). "
++			    "Ignored.\n", ip6_sprintf(ip6bufs, &ip6->ip6_src),
++			    if_name(ifp), ndi->chlim, nd_ra->nd_ra_curhoplimit);
++		}
++	}
+ 	dr = defrtrlist_update(&dr0);
+     }
+ 
diff --git a/sys-freebsd/freebsd-sources/freebsd-sources-10.1-r1.ebuild b/sys-freebsd/freebsd-sources/freebsd-sources-10.1-r2.ebuild
index c54b8bdb8f24..ed7b2632bbc9 100644
--- a/sys-freebsd/freebsd-sources/freebsd-sources-10.1-r1.ebuild
+++ b/sys-freebsd/freebsd-sources/freebsd-sources-10.1-r2.ebuild
@@ -1,6 +1,6 @@
 # Copyright 1999-2015 Gentoo Foundation
 # Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/sys-freebsd/freebsd-sources/freebsd-sources-10.1-r1.ebuild,v 1.2 2015/03/15 18:06:56 mgorny Exp $
+# $Header: /var/cvsroot/gentoo-x86/sys-freebsd/freebsd-sources/freebsd-sources-10.1-r2.ebuild,v 1.1 2015/04/10 13:34:44 mgorny Exp $
 
 EAPI=5
 
@@ -43,10 +43,13 @@ PATCHES=( "${FILESDIR}/${PN}-9.0-disable-optimization.patch"
 	"${FILESDIR}/${PN}-8.0-subnet-route-pr40133.patch"
 	"${FILESDIR}/${PN}-7.1-includes.patch"
 	"${FILESDIR}/${PN}-9.0-sysctluint.patch"
-	"${FILESDIR}/${PN}-9.2-gentoo-gcc.patch"
-	"${FILESDIR}/${PN}-10.1-cve-2014-8612.patch"
+	"${FILESDIR}/${PN}-9.2-gentoo-gcc.patch" )
+
+# Fix Security Advisory and Errata.
+PATCHES+=( "${FILESDIR}/${PN}-10.1-cve-2014-8612.patch"
 	"${FILESDIR}/${PN}-10.1-cve-2014-8613.patch"
 	"${FILESDIR}/${PN}-10.1-cve-2015-1414.patch"
+	"${FILESDIR}/${PN}-10.1-cve-2015-2923.patch"
 	"${FILESDIR}/${PN}-10.1-en-1501-vt.patch" )
 
 pkg_setup() {