diff options
| author |   Naohiro Aota <naota@gentoo.org> | 2013-11-17 04:22:41 +0000 |
|---|---|---|
| committer | Naohiro Aota <naota@gentoo.org> | 2013-11-17 04:22:41 +0000 |
| commit | 81b839d74172a41525a2cb0d7a0049832c993211 (patch) | |
| tree | 75577e07c28ce82564cc4773bb5dd23afc7043dc /sys-freebsd | |
| parent | 1.6.1 with restricted tests due to upstream bug (diff) | |
| download | gentoo-2-81b839d74172a41525a2cb0d7a0049832c993211.tar.gz gentoo-2-81b839d74172a41525a2cb0d7a0049832c993211.tar.bz2 gentoo-2-81b839d74172a41525a2cb0d7a0049832c993211.zip | |
Add Eratta/CVE patch. #482076
(Portage version: 2.2.7/cvs/Linux x86_64, signed Manifest commit with key F8551514)
Diffstat (limited to 'sys-freebsd')
6 files changed, 263 insertions, 1 deletions
diff --git a/sys-freebsd/freebsd-sources/ChangeLog b/sys-freebsd/freebsd-sources/ChangeLog index c1e08dda21c9..afdcb0d26000 100644 --- a/sys-freebsd/freebsd-sources/ChangeLog +++ b/sys-freebsd/freebsd-sources/ChangeLog @@ -1,6 +1,16 @@ # ChangeLog for sys-freebsd/freebsd-sources # Copyright 1999-2013 Gentoo Foundation; Distributed under the GPL v2 -# $Header: /var/cvsroot/gentoo-x86/sys-freebsd/freebsd-sources/ChangeLog,v 1.100 2013/11/09 09:18:11 aballier Exp $ +# $Header: /var/cvsroot/gentoo-x86/sys-freebsd/freebsd-sources/ChangeLog,v 1.101 2013/11/17 04:22:41 naota Exp $ + +*freebsd-sources-9.1-r4 (17 Nov 2013) + + 17 Nov 2013; Naohiro Aota <naota@gentoo.org> + +files/freebsd-sources-9.1-cve-2013-3077.patch, + +files/freebsd-sources-9.1-cve-2013-5209.patch, + +files/freebsd-sources-9.1-cve-2013-5691.patch, + +files/freebsd-sources-9.1-cve-2013-5710.patch, + +freebsd-sources-9.1-r4.ebuild: + Add Eratta/CVE patch. #482076 *freebsd-sources-9.2 (09 Nov 2013) diff --git a/sys-freebsd/freebsd-sources/files/freebsd-sources-9.1-cve-2013-3077.patch b/sys-freebsd/freebsd-sources/files/freebsd-sources-9.1-cve-2013-3077.patch new file mode 100644 index 000000000000..23f68ed9c3db --- /dev/null +++ b/sys-freebsd/freebsd-sources/files/freebsd-sources-9.1-cve-2013-3077.patch @@ -0,0 +1,26 @@ +Index: sys/netinet/in_mcast.c +=================================================================== +--- sys/netinet/in_mcast.c (revision 254252) ++++ sys/netinet/in_mcast.c (working copy) +@@ -1648,6 +1648,8 @@ + * has asked for, but we always tell userland how big the + * buffer really needs to be. + */ ++ if (msfr.msfr_nsrcs > in_mcast_maxsocksrc) ++ msfr.msfr_nsrcs = in_mcast_maxsocksrc; + tss = NULL; + if (msfr.msfr_srcs != NULL && msfr.msfr_nsrcs > 0) { + tss = malloc(sizeof(struct sockaddr_storage) * msfr.msfr_nsrcs, +Index: sys/netinet6/in6_mcast.c +=================================================================== +--- sys/netinet6/in6_mcast.c (revision 254252) ++++ sys/netinet6/in6_mcast.c (working copy) +@@ -1625,6 +1625,8 @@ + * has asked for, but we always tell userland how big the + * buffer really needs to be. + */ ++ if (msfr.msfr_nsrcs > in6_mcast_maxsocksrc) ++ msfr.msfr_nsrcs = in6_mcast_maxsocksrc; + tss = NULL; + if (msfr.msfr_srcs != NULL && msfr.msfr_nsrcs > 0) { + tss = malloc(sizeof(struct sockaddr_storage) * msfr.msfr_nsrcs, diff --git a/sys-freebsd/freebsd-sources/files/freebsd-sources-9.1-cve-2013-5209.patch b/sys-freebsd/freebsd-sources/files/freebsd-sources-9.1-cve-2013-5209.patch new file mode 100644 index 000000000000..e6710e3bcb8b --- /dev/null +++ b/sys-freebsd/freebsd-sources/files/freebsd-sources-9.1-cve-2013-5209.patch @@ -0,0 +1,19 @@ +Index: sys/netinet/sctp_output.c +=================================================================== +--- sys/netinet/sctp_output.c (revision 254337) ++++ sys/netinet/sctp_output.c (revision 254338) +@@ -5406,6 +5406,14 @@ + } + SCTP_BUF_LEN(m) = sizeof(struct sctp_init_chunk); + ++ /* ++ * We might not overwrite the identification[] completely and on ++ * some platforms time_entered will contain some padding. Therefore ++ * zero out the cookie to avoid putting uninitialized memory on the ++ * wire. ++ */ ++ memset(&stc, 0, sizeof(struct sctp_state_cookie)); ++ + /* the time I built cookie */ + (void)SCTP_GETTIME_TIMEVAL(&stc.time_entered); + diff --git a/sys-freebsd/freebsd-sources/files/freebsd-sources-9.1-cve-2013-5691.patch b/sys-freebsd/freebsd-sources/files/freebsd-sources-9.1-cve-2013-5691.patch new file mode 100644 index 000000000000..9aef1503f770 --- /dev/null +++ b/sys-freebsd/freebsd-sources/files/freebsd-sources-9.1-cve-2013-5691.patch @@ -0,0 +1,89 @@ +Index: sys/net/if.c +=================================================================== +--- sys/net/if.c (revision 254941) ++++ sys/net/if.c (working copy) +@@ -2553,11 +2553,23 @@ + CURVNET_RESTORE(); + return (EOPNOTSUPP); + } ++ ++ /* ++ * Pass the request on to the socket control method, and if the ++ * latter returns EOPNOTSUPP, directly to the interface. ++ * ++ * Make an exception for the legacy SIOCSIF* requests. Drivers ++ * trust SIOCSIFADDR et al to come from an already privileged ++ * layer, and do not perform any credentials checks or input ++ * validation. ++ */ + #ifndef COMPAT_43 + error = ((*so->so_proto->pr_usrreqs->pru_control)(so, cmd, + data, + ifp, td)); +- if (error == EOPNOTSUPP && ifp != NULL && ifp->if_ioctl != NULL) ++ if (error == EOPNOTSUPP && ifp != NULL && ifp->if_ioctl != NULL && ++ cmd != SIOCSIFADDR && cmd != SIOCSIFBRDADDR && ++ cmd != SIOCSIFDSTADDR && cmd != SIOCSIFNETMASK) + error = (*ifp->if_ioctl)(ifp, cmd, data); + #else + { +@@ -2601,7 +2613,9 @@ + data, + ifp, td)); + if (error == EOPNOTSUPP && ifp != NULL && +- ifp->if_ioctl != NULL) ++ ifp->if_ioctl != NULL && ++ cmd != SIOCSIFADDR && cmd != SIOCSIFBRDADDR && ++ cmd != SIOCSIFDSTADDR && cmd != SIOCSIFNETMASK) + error = (*ifp->if_ioctl)(ifp, cmd, data); + switch (ocmd) { + +Index: sys/netinet6/in6.c +=================================================================== +--- sys/netinet6/in6.c (revision 254941) ++++ sys/netinet6/in6.c (working copy) +@@ -431,6 +431,18 @@ + case SIOCGIFSTAT_ICMP6: + sa6 = &ifr->ifr_addr; + break; ++ case SIOCSIFADDR: ++ case SIOCSIFBRDADDR: ++ case SIOCSIFDSTADDR: ++ case SIOCSIFNETMASK: ++ /* ++ * Although we should pass any non-INET6 ioctl requests ++ * down to driver, we filter some legacy INET requests. ++ * Drivers trust SIOCSIFADDR et al to come from an already ++ * privileged layer, and do not perform any credentials ++ * checks or input validation. ++ */ ++ return (EINVAL); + default: + sa6 = NULL; + break; +Index: sys/netnatm/natm.c +=================================================================== +--- sys/netnatm/natm.c (revision 254941) ++++ sys/netnatm/natm.c (working copy) +@@ -339,6 +339,21 @@ + npcb = (struct natmpcb *)so->so_pcb; + KASSERT(npcb != NULL, ("natm_usr_control: npcb == NULL")); + ++ switch (cmd) { ++ case SIOCSIFADDR: ++ case SIOCSIFBRDADDR: ++ case SIOCSIFDSTADDR: ++ case SIOCSIFNETMASK: ++ /* ++ * Although we should pass any non-ATM ioctl requests ++ * down to driver, we filter some legacy INET requests. ++ * Drivers trust SIOCSIFADDR et al to come from an already ++ * privileged layer, and do not perform any credentials ++ * checks or input validation. ++ */ ++ return (EINVAL); ++ } ++ + if (ifp == NULL || ifp->if_ioctl == NULL) + return (EOPNOTSUPP); + return ((*ifp->if_ioctl)(ifp, cmd, arg)); diff --git a/sys-freebsd/freebsd-sources/files/freebsd-sources-9.1-cve-2013-5710.patch b/sys-freebsd/freebsd-sources/files/freebsd-sources-9.1-cve-2013-5710.patch new file mode 100644 index 000000000000..83f30e84fe9e --- /dev/null +++ b/sys-freebsd/freebsd-sources/files/freebsd-sources-9.1-cve-2013-5710.patch @@ -0,0 +1,28 @@ +Index: sys/fs/nullfs/null_vnops.c +=================================================================== +--- sys/fs/nullfs/null_vnops.c (revision 254941) ++++ sys/fs/nullfs/null_vnops.c (working copy) +@@ -858,6 +858,15 @@ + return (error); + } + ++static int ++null_link(struct vop_link_args *ap) ++{ ++ ++ if (ap->a_tdvp->v_mount != ap->a_vp->v_mount) ++ return (EXDEV); ++ return (null_bypass((struct vop_generic_args *)ap)); ++} ++ + /* + * Global vfs data structures + */ +@@ -871,6 +880,7 @@ + .vop_getwritemount = null_getwritemount, + .vop_inactive = null_inactive, + .vop_islocked = vop_stdislocked, ++ .vop_link = null_link, + .vop_lock1 = null_lock, + .vop_lookup = null_lookup, + .vop_open = null_open, diff --git a/sys-freebsd/freebsd-sources/freebsd-sources-9.1-r4.ebuild b/sys-freebsd/freebsd-sources/freebsd-sources-9.1-r4.ebuild new file mode 100644 index 000000000000..e84e8de60d4d --- /dev/null +++ b/sys-freebsd/freebsd-sources/freebsd-sources-9.1-r4.ebuild @@ -0,0 +1,90 @@ +# Copyright 1999-2013 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Header: /var/cvsroot/gentoo-x86/sys-freebsd/freebsd-sources/freebsd-sources-9.1-r4.ebuild,v 1.1 2013/11/17 04:22:40 naota Exp $ + +inherit bsdmk freebsd flag-o-matic + +DESCRIPTION="FreeBSD kernel sources" +SLOT="${RV}" +KEYWORDS="~amd64-fbsd ~sparc-fbsd ~x86-fbsd" + +IUSE="symlink" + +SRC_URI="mirror://gentoo/${SYS}.tar.bz2 + http://dev.gentoo.org/~naota/patch/${P}-en-13-03.patch" + +RDEPEND="=sys-freebsd/freebsd-mk-defs-${RV}*" +DEPEND="" + +RESTRICT="strip binchecks" + +S="${WORKDIR}/sys" + +PATCHES=( "${FILESDIR}/${PN}-9.0-disable-optimization.patch" + "${FILESDIR}/${PN}-9.1-gentoo.patch" + "${FILESDIR}/${PN}-6.0-flex-2.5.31.patch" + "${FILESDIR}/${PN}-6.1-ntfs.patch" + "${FILESDIR}/${PN}-7.1-types.h-fix.patch" + "${FILESDIR}/${PN}-8.0-subnet-route-pr40133.patch" + "${FILESDIR}/${PN}-7.1-includes.patch" + "${FILESDIR}/${PN}-9.0-sysctluint.patch" + "${FILESDIR}/${PN}-7.0-tmpfs_whiteout_stub.patch" + "${FILESDIR}/${PN}-9.1-cve-2013-3266.patch" + "${FILESDIR}/${PN}-9.1-mmap.patch" + "${FILESDIR}/${PN}-9.1-nfsserver.patch" + "${DISTDIR}/${PN}-9.1-en-13-03.patch" + "${FILESDIR}/${PN}-9.1-cve-2013-3077.patch" + "${FILESDIR}/${PN}-9.1-cve-2013-5209.patch" + "${FILESDIR}/${PN}-9.1-cve-2013-5691.patch" + "${FILESDIR}/${PN}-9.1-cve-2013-5710.patch" ) + +src_unpack() { + freebsd_src_unpack + + # This replaces the gentoover patch, it doesn't need reapply every time. + sed -i -e 's:^REVISION=.*:REVISION="'${PVR}'":' \ + -e 's:^BRANCH=.*:BRANCH="Gentoo":' \ + -e 's:^VERSION=.*:VERSION="${TYPE} ${BRANCH} ${REVISION}":' \ + "${S}/conf/newvers.sh" + + # __FreeBSD_cc_version comes from FreeBSD's gcc. + # on 9.0-RELEASE it's 900001. + sed -e "s:-D_KERNEL:-D_KERNEL -D__FreeBSD_cc_version=900001:g" \ + -i "${S}/conf/kern.pre.mk" \ + -i "${S}/conf/kmod.mk" || die "Couldn't set __FreeBSD_cc_version" + + # Remove -Werror + sed -e "s:-Werror:-Wno-error:g" \ + -i "${S}/conf/kern.pre.mk" \ + -i "${S}/conf/kmod.mk" || die +} + +src_compile() { + einfo "Nothing to compile.." +} + +src_install() { + insinto "/usr/src/sys-${RV}" + doins -r "${S}/"* +} + +pkg_postinst() { + if [[ ! -L "${ROOT}/usr/src/sys" ]]; then + einfo "/usr/src/sys symlink doesn't exist; creating symlink to sys-${RV}..." + ln -sf "sys-${RV}" "${ROOT}/usr/src/sys" || \ + eerror "Couldn't create ${ROOT}/usr/src/sys symlink." + elif use symlink; then + einfo "Updating /usr/src/sys symlink to sys-${RV}..." + rm "${ROOT}/usr/src/sys" || \ + eerror "Couldn't remove previous symlinks, please fix manually." + ln -sf "sys-${RV}" "${ROOT}/usr/src/sys" || \ + eerror "Couldn't create ${ROOT}/usr/src/sys symlink." + fi + + if use sparc-fbsd ; then + ewarn "WARNING: kldload currently causes kernel panics" + ewarn "on sparc64. This is probably a gcc-4.1 issue, but" + ewarn "we need gcc-4.1 to compile the kernel correctly :/" + ewarn "Please compile all modules you need into the kernel" + fi +} |