Add patches for latest fbsd sec. advisory and errata.

(Portage version: 2.2_rc46/cvs/Linux x86_64)

4 files changed, 179 insertions, 1 deletions

diff --git a/sys-freebsd/freebsd-sources/ChangeLog b/sys-freebsd/freebsd-sources/ChangeLog
index 35ddfeb03269..a45a74ad4c2c 100644
--- a/sys-freebsd/freebsd-sources/ChangeLog
+++ b/sys-freebsd/freebsd-sources/ChangeLog
@@ -1,6 +1,13 @@
 # ChangeLog for sys-freebsd/freebsd-sources
 # Copyright 1999-2009 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/sys-freebsd/freebsd-sources/ChangeLog,v 1.50 2009/06/26 05:50:20 aballier Exp $
+# $Header: /var/cvsroot/gentoo-x86/sys-freebsd/freebsd-sources/ChangeLog,v 1.51 2009/10/16 13:05:27 aballier Exp $
+
+*freebsd-sources-7.2-r2 (16 Oct 2009)
+
+  16 Oct 2009; Alexis Ballier <aballier@gentoo.org>
+  +freebsd-sources-7.2-r2.ebuild, +files/freebsd-sources-7.2-devfs7.patch,
+  +files/freebsd-sources-7.2-null.patch:
+  Add patches for latest fbsd sec. advisory and errata.
 
 *freebsd-sources-7.2-r1 (26 Jun 2009)
 
diff --git a/sys-freebsd/freebsd-sources/files/freebsd-sources-7.2-devfs7.patch b/sys-freebsd/freebsd-sources/files/freebsd-sources-7.2-devfs7.patch
new file mode 100644
index 000000000000..e1fcefb028ce
--- /dev/null
+++ b/sys-freebsd/freebsd-sources/files/freebsd-sources-7.2-devfs7.patch
@@ -0,0 +1,15 @@
+http://security.freebsd.org/advisories/FreeBSD-SA-09:14.devfs.asc
+
+Index: sys/fs/devfs/devfs_vnops.c
+===================================================================
+--- sys/fs/devfs/devfs_vnops.c	(revision 192300)
++++ sys/fs/devfs/devfs_vnops.c	(revision 192301)
+@@ -890,6 +890,7 @@
+ 	if (fp != NULL) {
+ 		FILE_LOCK(fp);
+ 		fp->f_data = dev;
++		fp->f_vnode = vp;
+ 		FILE_UNLOCK(fp);
+ 	}
+ 	fpop = td->td_fpop;
+
diff --git a/sys-freebsd/freebsd-sources/files/freebsd-sources-7.2-null.patch b/sys-freebsd/freebsd-sources/files/freebsd-sources-7.2-null.patch
new file mode 100644
index 000000000000..16e5023806eb
--- /dev/null
+++ b/sys-freebsd/freebsd-sources/files/freebsd-sources-7.2-null.patch
@@ -0,0 +1,47 @@
+http://security.freebsd.org/advisories/FreeBSD-EN-09:05.null.asc
+
+Index: sys/kern/kern_exec.c
+===================================================================
+--- sys/kern/kern_exec.c	(revision 197682)
++++ sys/kern/kern_exec.c	(working copy)
+@@ -122,6 +122,11 @@
+ SYSCTL_ULONG(_kern, OID_AUTO, ps_arg_cache_limit, CTLFLAG_RW, 
+     &ps_arg_cache_limit, 0, "");
+ 
++static int map_at_zero = 1;
++TUNABLE_INT("security.bsd.map_at_zero", &map_at_zero);
++SYSCTL_INT(_security_bsd, OID_AUTO, map_at_zero, CTLFLAG_RW, &map_at_zero, 0,
++    "Permit processes to map an object at virtual address 0.");
++
+ static int
+ sysctl_kern_ps_strings(SYSCTL_HANDLER_ARGS)
+ {
+@@ -939,7 +944,7 @@
+ 	int error;
+ 	struct proc *p = imgp->proc;
+ 	struct vmspace *vmspace = p->p_vmspace;
+-	vm_offset_t stack_addr;
++	vm_offset_t sv_minuser, stack_addr;
+ 	vm_map_t map;
+ 	u_long ssiz;
+ 
+@@ -955,13 +960,17 @@
+ 	 * not disrupted
+ 	 */
+ 	map = &vmspace->vm_map;
+-	if (vmspace->vm_refcnt == 1 && vm_map_min(map) == sv->sv_minuser &&
++	if (map_at_zero)
++		sv_minuser = sv->sv_minuser;
++	else
++		sv_minuser = MAX(sv->sv_minuser, PAGE_SIZE);
++	if (vmspace->vm_refcnt == 1 && vm_map_min(map) == sv_minuser &&
+ 	    vm_map_max(map) == sv->sv_maxuser) {
+ 		shmexit(vmspace);
+ 		pmap_remove_pages(vmspace_pmap(vmspace));
+ 		vm_map_remove(map, vm_map_min(map), vm_map_max(map));
+ 	} else {
+-		error = vmspace_exec(p, sv->sv_minuser, sv->sv_maxuser);
++		error = vmspace_exec(p, sv_minuser, sv->sv_maxuser);
+ 		if (error)
+ 			return (error);
+ 		vmspace = p->p_vmspace;
diff --git a/sys-freebsd/freebsd-sources/freebsd-sources-7.2-r2.ebuild b/sys-freebsd/freebsd-sources/freebsd-sources-7.2-r2.ebuild
new file mode 100644
index 000000000000..52de4e553b71
--- /dev/null
+++ b/sys-freebsd/freebsd-sources/freebsd-sources-7.2-r2.ebuild
@@ -0,0 +1,109 @@
+# Copyright 1999-2009 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/sys-freebsd/freebsd-sources/freebsd-sources-7.2-r2.ebuild,v 1.1 2009/10/16 13:05:27 aballier Exp $
+
+inherit bsdmk freebsd flag-o-matic
+
+DESCRIPTION="FreeBSD kernel sources"
+SLOT="${PVR}"
+KEYWORDS="~sparc-fbsd ~x86-fbsd"
+
+IUSE="symlink"
+
+SRC_URI="mirror://gentoo/${SYS}.tar.bz2"
+
+RDEPEND=">=sys-freebsd/freebsd-mk-defs-7.0"
+DEPEND=""
+
+RESTRICT="strip binchecks"
+
+S="${WORKDIR}/sys"
+
+MY_PVR="${PVR}"
+
+[[ ${MY_PVR} == "${RV}" ]] && MY_PVR="${MY_PVR}-r0"
+
+src_unpack() {
+	unpack ${A}
+	cd "${S}"
+
+	# This replaces the gentoover patch, it doesn't need reapply every time.
+	sed -i -e 's:^REVISION=.*:REVISION="'${PVR}'":' \
+		-e 's:^BRANCH=.*:BRANCH="Gentoo":' \
+		-e 's:^VERSION=.*:VERSION="${TYPE} ${BRANCH} ${REVISION}":' \
+		"${S}/conf/newvers.sh"
+
+	# __FreeBSD_cc_version comes from FreeBSD's gcc.
+	# on 7.0-RELEASE it's 700003.
+	sed -e "s:-D_KERNEL:-D_KERNEL -D__FreeBSD_cc_version=700004:g" \
+		-i "${S}/conf/kern.pre.mk" \
+		-i "${S}/conf/kmod.mk" || die "Couldn't set __FreeBSD_cc_version"
+
+	epatch "${FILESDIR}/${PN}-7.0-gentoo.patch"
+	epatch "${FILESDIR}/${PN}-6.0-flex-2.5.31.patch"
+	epatch "${FILESDIR}/${PN}-7.1-asm.patch"
+	epatch "${FILESDIR}/${PN}-7.0-werror.patch"
+	epatch "${FILESDIR}/${PN}-7.2-sparc64.patch"
+	epatch "${FILESDIR}/${PN}-6.1-ntfs.patch"
+	epatch "${FILESDIR}/${PN}-7.2-debug-O2.patch"
+	epatch "${FILESDIR}/${PN}-7.1-types.h-fix.patch"
+	epatch "${FILESDIR}/${PN}-7.1-subnet-route-pr40133.patch"
+	epatch "${FILESDIR}/${PN}-7.1-includes.patch"
+	epatch "${FILESDIR}/${PN}-7.2-pipe.patch"
+	epatch "${FILESDIR}/${PN}-7.2-ipv6.patch"
+	epatch "${FILESDIR}/${PN}-7.2-devfs7.patch"
+	epatch "${FILESDIR}/${PN}-7.2-null.patch"
+
+	# Disable SSP for the kernel
+	grep -Zlr -- -ffreestanding "${S}" | xargs -0 sed -i -e \
+		"s:-ffreestanding:-ffreestanding $(test-flags -fno-stack-protector -fno-stack-protector-all):g"
+
+	# By adding -DGENTOO_LIVECD to CFLAGS activate this stub
+	# vop_whiteout to tmpfs, so it can be used as an overlay
+	# unionfs filesystem over the cd9660 readonly filesystem.
+	epatch "${FILESDIR}/${PN}-7.0-tmpfs_whiteout_stub.patch"
+
+	# See http://sourceware.org/bugzilla/show_bug.cgi?id=5391
+	# ld doesn't provide symbols constructed as the __start_set_(s) ones
+	# are on FreeBSD modules.
+	# This patch adds code to generate a list of these and adds them
+	# as undefined references to ld's commandline to get them.
+	# Without this kernel modules will not load.
+	epatch "${FILESDIR}/${PN}-7.1-binutils_link.patch"
+}
+
+src_compile() {
+	einfo "Nothing to compile.."
+}
+
+src_install() {
+	insinto "/usr/src/sys-${MY_PVR}"
+	doins -r "${S}/"*
+}
+
+pkg_postinst() {
+	if [[ ! -L "${ROOT}/usr/src/sys" ]]; then
+		einfo "/usr/src/sys symlink doesn't exist; creating symlink to sys-${MY_PVR}..."
+		ln -sf "sys-${MY_PVR}" "${ROOT}/usr/src/sys" || \
+			eerror "Couldn't create ${ROOT}/usr/src/sys symlink."
+		# just in case...
+		[[ -L ""${ROOT}/usr/src/sys-${RV}"" ]] && rm "${ROOT}/usr/src/sys-${RV}"
+		ln -sf "sys-${MY_PVR}" "${ROOT}/usr/src/sys-${RV}" || \
+			eerror "Couldn't create ${ROOT}/usr/src/sys-${RV} symlink."
+	elif use symlink; then
+		einfo "Updating /usr/src/sys symlink to sys-${MY_PVR}..."
+		rm "${ROOT}/usr/src/sys" "${ROOT}/usr/src/sys-${RV}" || \
+			eerror "Couldn't remove previous symlinks, please fix manually."
+		ln -sf "sys-${MY_PVR}" "${ROOT}/usr/src/sys" || \
+			eerror "Couldn't create ${ROOT}/usr/src/sys symlink."
+		ln -sf "sys-${MY_PVR}" "${ROOT}/usr/src/sys-${RV}" || \
+			eerror "Couldn't create ${ROOT}/usr/src/sys-${RV} symlink."
+	fi
+
+	if use sparc-fbsd ; then
+		ewarn "WARNING: kldload currently causes kernel panics"
+		ewarn "on sparc64. This is probably a gcc-4.1 issue, but"
+		ewarn "we need gcc-4.1 to compile the kernel correctly :/"
+		ewarn "Please compile all modules you need into the kernel"
+	fi
+}