-rw-r--r--sys-freebsd/freebsd-sources/ChangeLog12
-rw-r--r--sys-freebsd/freebsd-sources/files/freebsd-sources-9.0-ipv6refcount.patch128
-rw-r--r--sys-freebsd/freebsd-sources/files/freebsd-sources-cve-2012-0217.patch26
-rw-r--r--sys-freebsd/freebsd-sources/freebsd-sources-8.2-r2.ebuild (renamed from sys-freebsd/freebsd-sources/freebsd-sources-8.2-r1.ebuild)5
-rw-r--r--sys-freebsd/freebsd-sources/freebsd-sources-9.0-r4.ebuild (renamed from sys-freebsd/freebsd-sources/freebsd-sources-9.0-r3.ebuild)5
5 files changed, 173 insertions, 3 deletions
diff --git a/sys-freebsd/freebsd-sources/ChangeLog b/sys-freebsd/freebsd-sources/ChangeLog
index f1641910e4c3..e6f6364744dd 100644
--- a/sys-freebsd/freebsd-sources/ChangeLog
+++ b/sys-freebsd/freebsd-sources/ChangeLog
@@ -1,6 +1,16 @@
# ChangeLog for sys-freebsd/freebsd-sources
# Copyright 1999-2012 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/sys-freebsd/freebsd-sources/ChangeLog,v 1.72 2012/05/27 13:06:03 ryao Exp $
+# $Header: /var/cvsroot/gentoo-x86/sys-freebsd/freebsd-sources/ChangeLog,v 1.73 2012/06/27 10:29:23 naota Exp $
+
+*freebsd-sources-8.2-r2 (27 Jun 2012)
+*freebsd-sources-9.0-r4 (27 Jun 2012)
+
+ 27 Jun 2012; Naohiro Aota <naota@gentoo.org>
+ +files/freebsd-sources-9.0-ipv6refcount.patch,
+ +files/freebsd-sources-cve-2012-0217.patch, +freebsd-sources-8.2-r2.ebuild,
+ +freebsd-sources-9.0-r4.ebuild, -freebsd-sources-8.2-r1.ebuild,
+ -freebsd-sources-9.0-r3.ebuild:
+ Add patch for CVE-2012-0217 and EN-12:02 #422993 #422995
*freebsd-sources-9.0-r3 (27 May 2012)
diff --git a/sys-freebsd/freebsd-sources/files/freebsd-sources-9.0-ipv6refcount.patch b/sys-freebsd/freebsd-sources/files/freebsd-sources-9.0-ipv6refcount.patch
new file mode 100644
index 000000000000..f0984f6776c8
--- /dev/null
+++ b/sys-freebsd/freebsd-sources/files/freebsd-sources-9.0-ipv6refcount.patch
@@ -0,0 +1,128 @@
+Index: sys/netinet6/in6.c
+===================================================================
+--- sys/netinet6/in6.c.orig
++++ sys/netinet6/in6.c
+@@ -1369,6 +1369,8 @@ in6_purgeaddr(struct ifaddr *ifa)
+ }
+
+ cleanup:
++ if (ifa0 != NULL)
++ ifa_free(ifa0);
+
+ plen = in6_mask2len(&ia->ia_prefixmask.sin6_addr, NULL); /* XXX */
+ if ((ia->ia_flags & IFA_ROUTE) && plen == 128) {
+@@ -1393,8 +1395,6 @@ cleanup:
+ return;
+ ia->ia_flags &= ~IFA_ROUTE;
+ }
+- if (ifa0 != NULL)
+- ifa_free(ifa0);
+
+ in6_unlink_ifa(ia, ifp);
+ }
+@@ -1667,14 +1667,19 @@ in6_lifaddr_ioctl(struct socket *so, u_long cmd, c
+ hostid = IFA_IN6(ifa);
+
+ /* prefixlen must be <= 64. */
+- if (64 < iflr->prefixlen)
++ if (64 < iflr->prefixlen) {
++ if (ifa != NULL)
++ ifa_free(ifa);
+ return EINVAL;
++ }
+ prefixlen = iflr->prefixlen;
+
+ /* hostid part must be zero. */
+ sin6 = (struct sockaddr_in6 *)&iflr->addr;
+ if (sin6->sin6_addr.s6_addr32[2] != 0 ||
+ sin6->sin6_addr.s6_addr32[3] != 0) {
++ if (ifa != NULL)
++ ifa_free(ifa);
+ return EINVAL;
+ }
+ } else
+@@ -2265,14 +2265,20 @@ in6_ifawithifp(struct ifnet *ifp, struct in6_addr
+ IN6_IFADDR_RUNLOCK();
+ return (struct in6_ifaddr *)ifa;
+ }
+- IN6_IFADDR_RUNLOCK();
+
+ /* use the last-resort values, that are, deprecated addresses */
+- if (dep[0])
++ if (dep[0]) {
++ ifa_ref((struct ifaddr *)dep[0]);
++ IN6_IFADDR_RUNLOCK();
+ return dep[0];
+- if (dep[1])
++ }
++ if (dep[1]) {
++ ifa_ref((struct ifaddr *)dep[1]);
++ IN6_IFADDR_RUNLOCK();
+ return dep[1];
++ }
+
++ IN6_IFADDR_RUNLOCK();
+ return NULL;
+ }
+
+Index: sys/netinet6/ip6_input.c
+===================================================================
+--- sys/netinet6/ip6_input.c.orig
++++ sys/netinet6/ip6_input.c
+@@ -879,19 +879,23 @@ passin:
+ * as our interface address (e.g. multicast addresses, addresses
+ * within FAITH prefixes and such).
+ */
+- if (deliverifp && !ip6_getdstifaddr(m)) {
++ if (deliverifp) {
+ struct in6_ifaddr *ia6;
+
+- ia6 = in6_ifawithifp(deliverifp, &ip6->ip6_dst);
+- if (ia6) {
+- if (!ip6_setdstifaddr(m, ia6)) {
+- /*
+- * XXX maybe we should drop the packet here,
+- * as we could not provide enough information
+- * to the upper layers.
+- */
++ if ((ia6 = ip6_getdstifaddr(m)) != NULL) {
++ ifa_free(&ia6->ia_ifa);
++ } else {
++ ia6 = in6_ifawithifp(deliverifp, &ip6->ip6_dst);
++ if (ia6) {
++ if (!ip6_setdstifaddr(m, ia6)) {
++ /*
++ * XXX maybe we should drop the packet here,
++ * as we could not provide enough information
++ * to the upper layers.
++ */
++ }
++ ifa_free(&ia6->ia_ifa);
+ }
+- ifa_free(&ia6->ia_ifa);
+ }
+ }
+
+Index: sys/netinet/tcp_input.c
+===================================================================
+--- sys/netinet/tcp_input.c.orig
++++ sys/netinet/tcp_input.c
+@@ -512,6 +512,8 @@ tcp6_input(struct mbuf **mp, int *offp, int proto)
+ (caddr_t)&ip6->ip6_dst - (caddr_t)ip6);
+ return IPPROTO_DONE;
+ }
++ if (ia6)
++ ifa_free(&ia6->ia_ifa);
+
+ tcp_input(m, *offp);
+ return IPPROTO_DONE;
+@@ -1240,7 +1242,8 @@ relocked:
+ rstreason = BANDLIM_RST_OPENPORT;
+ goto dropwithreset;
+ }
+- ifa_free(&ia6->ia_ifa);
++ if (ia6)
++ ifa_free(&ia6->ia_ifa);
+ }
+ #endif /* INET6 */
+ /*
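Review bot: In the ip6_input.c section, `ip6_setdstifaddr(m, ia6)` records ia6 on the mbuf and the following `ifa_free(&ia6->ia_ifa)` drops the reference taken by in6_ifawithifp(), so the recorded pointer stays valid only if the setter takes its own reference or something else pins the address, and neither is visible here. Since this patch is about reference counting, I would state that lifetime assumption next to the free, for example `/* XXX lookup ref dropped here; confirm what keeps the ia6 stored on the mbuf alive */`. Separately, in in6_lifaddr_ioctl the new `if (ifa != NULL)` guards follow the context line `hostid = IFA_IN6(ifa);`, which already uses ifa, so they look redundant or else point at a missing check earlier. All the touched functions start and end outside the quoted hunks, so this should be checked against the full files.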
diff --git a/sys-freebsd/freebsd-sources/files/freebsd-sources-cve-2012-0217.patch b/sys-freebsd/freebsd-sources/files/freebsd-sources-cve-2012-0217.patch
new file mode 100644
index 000000000000..0bf1b611a091
--- /dev/null
+++ b/sys-freebsd/freebsd-sources/files/freebsd-sources-cve-2012-0217.patch
@@ -0,0 +1,26 @@
+Index: sys/amd64/amd64/trap.c
+===================================================================
+--- sys/amd64/amd64/trap.c.orig
++++ sys/amd64/amd64/trap.c (working copy)
+@@ -972,4 +972,21 @@
+ syscallname(td->td_proc, sa.code)));
+
+ syscallret(td, error, &sa);
++
++ /*
++ * If the user-supplied value of %rip is not a canonical
++ * address, then some CPUs will trigger a ring 0 #GP during
++ * the sysret instruction. However, the fault handler would
++ * execute with the user's %gs and %rsp in ring 0 which would
++ * not be safe. Instead, preemptively kill the thread with a
++ * SIGBUS.
++ */
++ if (td->td_frame->tf_rip >= VM_MAXUSER_ADDRESS) {
++ ksiginfo_init_trap(&ksi);
++ ksi.ksi_signo = SIGBUS;
++ ksi.ksi_code = BUS_OBJERR;
++ ksi.ksi_trapno = T_PROTFLT;
++ ksi.ksi_addr = (void *)td->td_frame->tf_rip;
++ trapsignal(td, &ksi);
++ }
+ }
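Review bot: The added block only posts a SIGBUS with `trapsignal(td, &ksi)` and does not itself change how the thread returns to user mode, so the fix is safe only if a delivered or pending signal keeps this frame off the sysret path (presumably by rewriting `tf_rip` for a handler or by forcing the AST/iret route), and that is not visible in this hunk. I would add one sentence to the comment that records the invariant once it is confirmed against the return path, e.g. `* trapsignal() either redirects %rip to a handler or leaves an AST pending, so this frame is not returned with sysret.` The block also relies on `ksi` being declared earlier in the enclosing function, which starts outside the hunk; that is worth confirming on the 8.2 tree, which receives this patch too.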
diff --git a/sys-freebsd/freebsd-sources/freebsd-sources-8.2-r1.ebuild b/sys-freebsd/freebsd-sources/freebsd-sources-8.2-r2.ebuild
index 0ffa86a25486..833d9c314240 100644
--- a/sys-freebsd/freebsd-sources/freebsd-sources-8.2-r1.ebuild
+++ b/sys-freebsd/freebsd-sources/freebsd-sources-8.2-r2.ebuild
@@ -1,6 +1,6 @@
# Copyright 1999-2012 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/sys-freebsd/freebsd-sources/freebsd-sources-8.2-r1.ebuild,v 1.1 2012/04/02 10:13:19 naota Exp $
+# $Header: /var/cvsroot/gentoo-x86/sys-freebsd/freebsd-sources/freebsd-sources-8.2-r2.ebuild,v 1.1 2012/06/27 10:29:23 naota Exp $
inherit bsdmk freebsd flag-o-matic
@@ -67,6 +67,9 @@ src_unpack() {
# as undefined references to ld's commandline to get them.
# Without this kernel modules will not load.
epatch "${FILESDIR}/${PN}-7.1-binutils_link.patch"
+
+ epatch "${FILESDIR}/${PN}-cve-2012-0217.patch"
+ epatch "${FILESDIR}/${PN}-9.0-ipv6refcount.patch"
}
src_compile() {
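Review bot: The 8.2 ebuild applies `${PN}-9.0-ipv6refcount.patch`, whose name says it was cut against 9.0; if it applies to the 8.2 tree only with offsets or fuzz, a hunk in reference-counting code could land in the wrong place without the build failing. Confirm that both patches apply cleanly to 8.2, and add a comment above the two `epatch` lines here and in the matching 9.0-r4 hunk, such as `# Security: CVE-2012-0217 (amd64 trap.c) and EN-12:02 (IPv6 refcount); drop once fixed in the upstream tarball`. src_unpack() starts outside the hunk.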
diff --git a/sys-freebsd/freebsd-sources/freebsd-sources-9.0-r3.ebuild b/sys-freebsd/freebsd-sources/freebsd-sources-9.0-r4.ebuild
index 2274bfb771c5..1198b304ee30 100644
--- a/sys-freebsd/freebsd-sources/freebsd-sources-9.0-r3.ebuild
+++ b/sys-freebsd/freebsd-sources/freebsd-sources-9.0-r4.ebuild
@@ -1,6 +1,6 @@
# Copyright 1999-2012 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/sys-freebsd/freebsd-sources/freebsd-sources-9.0-r3.ebuild,v 1.1 2012/05/27 13:06:03 ryao Exp $
+# $Header: /var/cvsroot/gentoo-x86/sys-freebsd/freebsd-sources/freebsd-sources-9.0-r4.ebuild,v 1.1 2012/06/27 10:29:23 naota Exp $
inherit bsdmk freebsd flag-o-matic
@@ -60,6 +60,9 @@ src_unpack() {
# vop_whiteout to tmpfs, so it can be used as an overlay
# unionfs filesystem over the cd9660 readonly filesystem.
epatch "${FILESDIR}/${PN}-7.0-tmpfs_whiteout_stub.patch"
+
+ epatch "${FILESDIR}/${PN}-cve-2012-0217.patch"
+ epatch "${FILESDIR}/${PN}-9.0-ipv6refcount.patch"
}
src_compile() {