diff options
author | Naohiro Aota <naota@gentoo.org> | 2012-06-27 10:29:23 +0000 |
---|---|---|
committer | Naohiro Aota <naota@gentoo.org> | 2012-06-27 10:29:23 +0000 |
commit | 14243eeb9a80ae3ca3f7a586ad5f672d01cab662 (patch) | |
tree | b5ea4b36f7eec49befc08d4915ac80afd5757001 /sys-freebsd/freebsd-sources | |
parent | old (diff) | |
download | historical-14243eeb9a80ae3ca3f7a586ad5f672d01cab662.tar.gz historical-14243eeb9a80ae3ca3f7a586ad5f672d01cab662.tar.bz2 historical-14243eeb9a80ae3ca3f7a586ad5f672d01cab662.zip |
Add patch for CVE-2012-0217 and EN-12:02 #422993 #422995
Package-Manager: portage-2.2.0_alpha110/cvs/Linux x86_64
Diffstat (limited to 'sys-freebsd/freebsd-sources')
-rw-r--r-- | sys-freebsd/freebsd-sources/ChangeLog | 12 | ||||
-rw-r--r-- | sys-freebsd/freebsd-sources/Manifest | 28 | ||||
-rw-r--r-- | sys-freebsd/freebsd-sources/files/freebsd-sources-9.0-ipv6refcount.patch | 128 | ||||
-rw-r--r-- | sys-freebsd/freebsd-sources/files/freebsd-sources-cve-2012-0217.patch | 26 | ||||
-rw-r--r-- | sys-freebsd/freebsd-sources/freebsd-sources-8.2-r2.ebuild (renamed from sys-freebsd/freebsd-sources/freebsd-sources-8.2-r1.ebuild) | 5 | ||||
-rw-r--r-- | sys-freebsd/freebsd-sources/freebsd-sources-9.0-r4.ebuild (renamed from sys-freebsd/freebsd-sources/freebsd-sources-9.0-r3.ebuild) | 5 |
6 files changed, 198 insertions, 6 deletions
diff --git a/sys-freebsd/freebsd-sources/ChangeLog b/sys-freebsd/freebsd-sources/ChangeLog index f1641910e4c3..e6f6364744dd 100644 --- a/sys-freebsd/freebsd-sources/ChangeLog +++ b/sys-freebsd/freebsd-sources/ChangeLog @@ -1,6 +1,16 @@ # ChangeLog for sys-freebsd/freebsd-sources # Copyright 1999-2012 Gentoo Foundation; Distributed under the GPL v2 -# $Header: /var/cvsroot/gentoo-x86/sys-freebsd/freebsd-sources/ChangeLog,v 1.72 2012/05/27 13:06:03 ryao Exp $ +# $Header: /var/cvsroot/gentoo-x86/sys-freebsd/freebsd-sources/ChangeLog,v 1.73 2012/06/27 10:29:23 naota Exp $ + +*freebsd-sources-8.2-r2 (27 Jun 2012) +*freebsd-sources-9.0-r4 (27 Jun 2012) + + 27 Jun 2012; Naohiro Aota <naota@gentoo.org> + +files/freebsd-sources-9.0-ipv6refcount.patch, + +files/freebsd-sources-cve-2012-0217.patch, +freebsd-sources-8.2-r2.ebuild, + +freebsd-sources-9.0-r4.ebuild, -freebsd-sources-8.2-r1.ebuild, + -freebsd-sources-9.0-r3.ebuild: + Add patch for CVE-2012-0217 and EN-12:02 #422993 #422995 *freebsd-sources-9.0-r3 (27 May 2012) diff --git a/sys-freebsd/freebsd-sources/Manifest b/sys-freebsd/freebsd-sources/Manifest index d032530c4c7c..ecc3818c242f 100644 --- a/sys-freebsd/freebsd-sources/Manifest +++ b/sys-freebsd/freebsd-sources/Manifest @@ -1,3 +1,6 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA256 + AUX freebsd-sources-6.0-flex-2.5.31.patch 826 RMD160 a93341cfba5ddbd8df777273591ce21164f3ed41 SHA1 9f991b64b237a397e7aa0bad79a9a28c0de69339 SHA256 8aaf240a344106fc5434fd098eb6555a554d16513b71c95f93a93388021c3d99 AUX freebsd-sources-6.1-ntfs.patch 1043 RMD160 0389ef971934db5b239d81ec016d94a21398c226 SHA1 03d8c702bbd6bd79f7b3cbe64f720487b87fa442 SHA256 2eb0e22bea267d7ac41c3dec81682d3cc1f1744316ea39342e2aaae1f2dca469 AUX freebsd-sources-7.0-gentoo.patch 1346 RMD160 9182f84f08fa8edb68e505c1ec274c93678cab2c SHA1 277d7f7a6c24c37ec30d051b775ab6c3eea96996 SHA256 c5930673345572ab3466c862ecb2aefa410931e541cf58b1ca4464827bb1646e @@ -26,16 +29,35 @@ AUX freebsd-sources-8.2-unix2.patch 1642 RMD160 0ddbf08159fe3d99fde9d07ac624a07a AUX freebsd-sources-9.0-disable-optimization.patch 927 RMD160 77f8b87f57d4cd3df163fc971567afc4374ca078 SHA1 ae2ac9608ff808c5e1ee52c9294aa66ae0d15ccc SHA256 e8ad8d8ed1f729b7b22839a7af93b3dd667f257b05db95f408c48b270003a486 AUX freebsd-sources-9.0-disable-optimizations.patch 792 RMD160 4cd19f9cb5c119eabb3700da25d1f25fd1fc2750 SHA1 3a799bec3310d928cb11c45873faec002d88a732 SHA256 4d04d158c118ec218eae51db8e522efa16467b554df8d1e8f1a882617d36a555 AUX freebsd-sources-9.0-gentoo.patch 1194 RMD160 1933e7ca85b65d8f81622c01d1b3374fa9072319 SHA1 30992a38173c1732ec1f05fe6c19ac961717917c SHA256 251178d014e62fbc3f20c26dd0e78401cc6691a848facd3ff2c7418ed7a43f22 +AUX freebsd-sources-9.0-ipv6refcount.patch 3259 RMD160 e9f53cf11931e900ab881748f9fb617a4ecfc0f2 SHA1 5ad1a4a47099772d2655244443fd4d2dbdad06e2 SHA256 18186ef2f9fc020c0da053953b9e8c8629c2302082e0ee172dd7e84a7104bdd5 AUX freebsd-sources-9.0-sysctluint.patch 403 RMD160 46bb18c424ea7011db86341e427fd095495c4bcc SHA1 9d3c1606c886d96a88c89283bc18a2717c87fc76 SHA256 884fbc5d6d3766ea3d4609946f56072f36f95368dc13ee316c330a46d42f0c9e +AUX freebsd-sources-cve-2012-0217.patch 856 RMD160 38cd459f900671f0f39df40353da6a0a1894b4b8 SHA1 3f96d861602f6b0442b2a412cd6b18437a3cfa55 SHA256 9b752e65a29b2b9a4a1412765d69d00310c05508af1cfa6d8d3c16d545bb3ffe DIST freebsd-sys-7.2.tar.bz2 23005928 RMD160 0ecdff9fbefe9e16325e09a76310ca2b4a7751b8 SHA1 1c2d6894371a8650288ebf1a4831a4b08c2e4f09 SHA256 38e1fc670b8438be42947b1512ca7d10b0f8c62c58d3234afd8ce2e55b6cae11 DIST freebsd-sys-8.0.tar.bz2 22552771 RMD160 08f5b09dc0b4353658a309e9e1198dbab1f5ab83 SHA1 9c5e4bdc7af2b9947c55751325880c27f80df225 SHA256 2d822bdeecbbea660aea06ba147a23878cbae7f0640b0b822552d6fa1836d8c9 DIST freebsd-sys-8.2.tar.bz2 25835329 RMD160 e8fe34f792c1102fe237af7c87ba9c259cd46d22 SHA1 f2a52be8011126a3882d8df2907a22293ad1c581 SHA256 0c6c7b61aae94db2931f985d5899f3bca78fc8ffab6b598fbaa158142d676f16 DIST freebsd-sys-9.0.tar.bz2 30369960 RMD160 137ac728d78767eae184ac0bf00014d1bfeffc37 SHA1 cc09df384bd519ddf39254605a5ad80f702f3d68 SHA256 1c5e2181db9e92209933b1de9488109d88f0b2f15d07ee37aa491920e1990a54 EBUILD freebsd-sources-7.2-r3.ebuild 3943 RMD160 3ac41528e8eb22a186114f2b767b33a6f25372ba SHA1 0b0df74007a6cf813292a1a056e4433676e4d2c7 SHA256 f6b279fd482a0b156924fc23fbb7a110b156d7c61a583e25817c1afa3f48b3a8 EBUILD freebsd-sources-8.0.ebuild 3671 RMD160 6655f21db26ee64b50ce019816667bfe18ee4017 SHA1 00c9a13a48c92554ae49adebd725fde59a3da704 SHA256 4b9c2b8f9a800697543e942138914a7784f3e111dc33db7dfe8daa31c37b3262 -EBUILD freebsd-sources-8.2-r1.ebuild 3701 RMD160 8a12d0abc7d37a19b7cc0447ff2b3bcebdb84a75 SHA1 69d144943d701f2a852324ddbbea1c0705c9fbc0 SHA256 6a5414a83ca2a406b92ba1a3f96467d311469a86c40fdfbf41a8810526e21d43 +EBUILD freebsd-sources-8.2-r2.ebuild 3801 RMD160 2cb144a019f5bbcb9e5d6763c6a1ed198ec43709 SHA1 304b416f89ef6a80c6c95436f4d66a2d9308a70f SHA256 1766a68e4f3191690a805d89280250a549fdbe0ef08ca9962c0aa46256ff0762 EBUILD freebsd-sources-9.0-r1.ebuild 3356 RMD160 8735dd8b8efbc9e2b251c533cf310c88589e95cc SHA1 d5df1dbd0064fe42c02dc96e0578b7b1f76cf222 SHA256 1b00c7c08286f1122eed01d211bf93e86ab63ff20475f35d030df23d806eb155 -EBUILD freebsd-sources-9.0-r3.ebuild 3351 RMD160 8b85b8bc8e1cdf3cac7bfab82e53403c3825d855 SHA1 7d67ae50e175216d9b6a5ae7b5ff783db1912e0c SHA256 be1591cee7248bed9725872a4b5753e9c06c6a20f7ebd21923738496875116bb +EBUILD freebsd-sources-9.0-r4.ebuild 3452 RMD160 fe933eb819cd0548c6a2f9fa3e1d3b125c20fb5b SHA1 92fc2fd226cd4ec68d298ade4743d8ca1221eac1 SHA256 b69418e11c38e8a9e547421b570ec38c541d60d820795dd01c7a3d0e46ecc606 EBUILD freebsd-sources-9.0.ebuild 3322 RMD160 e5efb0abd0ab553a88ef60fddfed4a31c62173c6 SHA1 9963952e4f7c28f7d3ee1256552903ccd7f2479e SHA256 5a07f9680abe4f39dee7cf3d307e6f45006da275e426cdab29997ba6659062fd -MISC ChangeLog 19304 RMD160 a7d6a8dba36f0a6bc335ddc1516021c790c5260c SHA1 480247cd3f9373e982a3ed7412d87d6d5f491907 SHA256 937769d1c53b9e0f4814952c14f60442f6fd88e62908fb2de774af4f719f5956 +MISC ChangeLog 19716 RMD160 a188c8b29c55f93774ec9845f1efae7220c49bae SHA1 71cf9d0f7af8c8c5a2f0a9ad643452308c0078a9 SHA256 fd4f83a0c017744cac3bef63f7c2a7937fd51741223462210f15b7292f636c4e MISC metadata.xml 156 RMD160 60b5820a08275f307e5bd936d78f5afd1f141086 SHA1 d9d9d4f2b5afc58339ea3e562fca490156935f1f SHA256 30ab515d6ac492d3d6c36ac3c675511742c2149e56a6b3228c8d22ab8edb3ff7 +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v2.0.19 (GNU/Linux) + +iQIcBAEBCAAGBQJP6uCNAAoJEDYO1FT4VRUU6cMP/2VP43btBayinSPJ6e9HHkf4 +FkR+Fxy5k9TAvCsZDrKXAJcWfHUJuzSpf++bWrk0+7Ca7CMJMeEEuUHIYBiuicp3 +RUb9rxliuXs9GrtBDMAd4vmY4t9OZnuaxr5xQ7OZ0gvGyFhXqjhrvuX0k9sOusal +39ozfb6CnZXkkFVs+lbziqn7xegR15AY8Dm3OZ2puMYg69SGJFtYYd6FyoCGhU8R ++HhqL6QkTBStwl24ag/WQRiPMHUG+TD3qgAnpqnYVaGn0JhtPZh3aTNWxJHxWdmY +lzKEKS8PdyXSQoRlk+73FPnYwU6YCIUa+Z9Oe8C6XIqHwIZaHtYny9gscacsJjwu +2IiRgL6Gj2y/3iB/8exzlmgY+nt4M8mefzjK0MyeTW5Md060S/+Ae1tDDVCxQh/s +XHWN8dYRNZl9XF6KFsXaMKYwDuvTkUx06TLi55FpOWvYpP4Laa00O63PdxEWLtn3 +y+mpBvkgN3YKSmRODYW42e9s7FMPgN8SPc5DarLk0MBCY5nrhEZA4IXrQz3Fl8aK +O7u5xlwPUCEU/xGs7C6uOQ8ncj0hmnR/GTGiPgp7jGniPCjjMl+m953OQ0ClHHJR +0QXYDqEYgkI1Iv1/mhtHtq57XkHzJAWTRBbwJ0CMWwPNmTTBp+sKcNOcoQnctX37 +2QuQDoGHCRjPsdTXsmb8 +=Mliu +-----END PGP SIGNATURE----- diff --git a/sys-freebsd/freebsd-sources/files/freebsd-sources-9.0-ipv6refcount.patch b/sys-freebsd/freebsd-sources/files/freebsd-sources-9.0-ipv6refcount.patch new file mode 100644 index 000000000000..f0984f6776c8 --- /dev/null +++ b/sys-freebsd/freebsd-sources/files/freebsd-sources-9.0-ipv6refcount.patch @@ -0,0 +1,128 @@ +Index: sys/netinet6/in6.c +=================================================================== +--- sys/netinet6/in6.c.orig ++++ sys/netinet6/in6.c +@@ -1369,6 +1369,8 @@ in6_purgeaddr(struct ifaddr *ifa) + } + + cleanup: ++ if (ifa0 != NULL) ++ ifa_free(ifa0); + + plen = in6_mask2len(&ia->ia_prefixmask.sin6_addr, NULL); /* XXX */ + if ((ia->ia_flags & IFA_ROUTE) && plen == 128) { +@@ -1393,8 +1395,6 @@ cleanup: + return; + ia->ia_flags &= ~IFA_ROUTE; + } +- if (ifa0 != NULL) +- ifa_free(ifa0); + + in6_unlink_ifa(ia, ifp); + } +@@ -1667,14 +1667,19 @@ in6_lifaddr_ioctl(struct socket *so, u_long cmd, c + hostid = IFA_IN6(ifa); + + /* prefixlen must be <= 64. */ +- if (64 < iflr->prefixlen) ++ if (64 < iflr->prefixlen) { ++ if (ifa != NULL) ++ ifa_free(ifa); + return EINVAL; ++ } + prefixlen = iflr->prefixlen; + + /* hostid part must be zero. */ + sin6 = (struct sockaddr_in6 *)&iflr->addr; + if (sin6->sin6_addr.s6_addr32[2] != 0 || + sin6->sin6_addr.s6_addr32[3] != 0) { ++ if (ifa != NULL) ++ ifa_free(ifa); + return EINVAL; + } + } else +@@ -2265,14 +2265,20 @@ in6_ifawithifp(struct ifnet *ifp, struct in6_addr + IN6_IFADDR_RUNLOCK(); + return (struct in6_ifaddr *)ifa; + } +- IN6_IFADDR_RUNLOCK(); + + /* use the last-resort values, that are, deprecated addresses */ +- if (dep[0]) ++ if (dep[0]) { ++ ifa_ref((struct ifaddr *)dep[0]); ++ IN6_IFADDR_RUNLOCK(); + return dep[0]; +- if (dep[1]) ++ } ++ if (dep[1]) { ++ ifa_ref((struct ifaddr *)dep[1]); ++ IN6_IFADDR_RUNLOCK(); + return dep[1]; ++ } + ++ IN6_IFADDR_RUNLOCK(); + return NULL; + } + +Index: sys/netinet6/ip6_input.c +=================================================================== +--- sys/netinet6/ip6_input.c.orig ++++ sys/netinet6/ip6_input.c +@@ -879,19 +879,23 @@ passin: + * as our interface address (e.g. multicast addresses, addresses + * within FAITH prefixes and such). + */ +- if (deliverifp && !ip6_getdstifaddr(m)) { ++ if (deliverifp) { + struct in6_ifaddr *ia6; + +- ia6 = in6_ifawithifp(deliverifp, &ip6->ip6_dst); +- if (ia6) { +- if (!ip6_setdstifaddr(m, ia6)) { +- /* +- * XXX maybe we should drop the packet here, +- * as we could not provide enough information +- * to the upper layers. +- */ ++ if ((ia6 = ip6_getdstifaddr(m)) != NULL) { ++ ifa_free(&ia6->ia_ifa); ++ } else { ++ ia6 = in6_ifawithifp(deliverifp, &ip6->ip6_dst); ++ if (ia6) { ++ if (!ip6_setdstifaddr(m, ia6)) { ++ /* ++ * XXX maybe we should drop the packet here, ++ * as we could not provide enough information ++ * to the upper layers. ++ */ ++ } ++ ifa_free(&ia6->ia_ifa); + } +- ifa_free(&ia6->ia_ifa); + } + } + +Index: sys/netinet/tcp_input.c +=================================================================== +--- sys/netinet/tcp_input.c.orig ++++ sys/netinet/tcp_input.c +@@ -512,6 +512,8 @@ tcp6_input(struct mbuf **mp, int *offp, int proto) + (caddr_t)&ip6->ip6_dst - (caddr_t)ip6); + return IPPROTO_DONE; + } ++ if (ia6) ++ ifa_free(&ia6->ia_ifa); + + tcp_input(m, *offp); + return IPPROTO_DONE; +@@ -1240,7 +1242,8 @@ relocked: + rstreason = BANDLIM_RST_OPENPORT; + goto dropwithreset; + } +- ifa_free(&ia6->ia_ifa); ++ if (ia6) ++ ifa_free(&ia6->ia_ifa); + } + #endif /* INET6 */ + /* diff --git a/sys-freebsd/freebsd-sources/files/freebsd-sources-cve-2012-0217.patch b/sys-freebsd/freebsd-sources/files/freebsd-sources-cve-2012-0217.patch new file mode 100644 index 000000000000..0bf1b611a091 --- /dev/null +++ b/sys-freebsd/freebsd-sources/files/freebsd-sources-cve-2012-0217.patch @@ -0,0 +1,26 @@ +Index: sys/amd64/amd64/trap.c +=================================================================== +--- sys/amd64/amd64/trap.c.orig ++++ sys/amd64/amd64/trap.c (working copy) +@@ -972,4 +972,21 @@ + syscallname(td->td_proc, sa.code))); + + syscallret(td, error, &sa); ++ ++ /* ++ * If the user-supplied value of %rip is not a canonical ++ * address, then some CPUs will trigger a ring 0 #GP during ++ * the sysret instruction. However, the fault handler would ++ * execute with the user's %gs and %rsp in ring 0 which would ++ * not be safe. Instead, preemptively kill the thread with a ++ * SIGBUS. ++ */ ++ if (td->td_frame->tf_rip >= VM_MAXUSER_ADDRESS) { ++ ksiginfo_init_trap(&ksi); ++ ksi.ksi_signo = SIGBUS; ++ ksi.ksi_code = BUS_OBJERR; ++ ksi.ksi_trapno = T_PROTFLT; ++ ksi.ksi_addr = (void *)td->td_frame->tf_rip; ++ trapsignal(td, &ksi); ++ } + } diff --git a/sys-freebsd/freebsd-sources/freebsd-sources-8.2-r1.ebuild b/sys-freebsd/freebsd-sources/freebsd-sources-8.2-r2.ebuild index 0ffa86a25486..833d9c314240 100644 --- a/sys-freebsd/freebsd-sources/freebsd-sources-8.2-r1.ebuild +++ b/sys-freebsd/freebsd-sources/freebsd-sources-8.2-r2.ebuild @@ -1,6 +1,6 @@ # Copyright 1999-2012 Gentoo Foundation # Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvsroot/gentoo-x86/sys-freebsd/freebsd-sources/freebsd-sources-8.2-r1.ebuild,v 1.1 2012/04/02 10:13:19 naota Exp $ +# $Header: /var/cvsroot/gentoo-x86/sys-freebsd/freebsd-sources/freebsd-sources-8.2-r2.ebuild,v 1.1 2012/06/27 10:29:23 naota Exp $ inherit bsdmk freebsd flag-o-matic @@ -67,6 +67,9 @@ src_unpack() { # as undefined references to ld's commandline to get them. # Without this kernel modules will not load. epatch "${FILESDIR}/${PN}-7.1-binutils_link.patch" + + epatch "${FILESDIR}/${PN}-cve-2012-0217.patch" + epatch "${FILESDIR}/${PN}-9.0-ipv6refcount.patch" } src_compile() { diff --git a/sys-freebsd/freebsd-sources/freebsd-sources-9.0-r3.ebuild b/sys-freebsd/freebsd-sources/freebsd-sources-9.0-r4.ebuild index 2274bfb771c5..1198b304ee30 100644 --- a/sys-freebsd/freebsd-sources/freebsd-sources-9.0-r3.ebuild +++ b/sys-freebsd/freebsd-sources/freebsd-sources-9.0-r4.ebuild @@ -1,6 +1,6 @@ # Copyright 1999-2012 Gentoo Foundation # Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvsroot/gentoo-x86/sys-freebsd/freebsd-sources/freebsd-sources-9.0-r3.ebuild,v 1.1 2012/05/27 13:06:03 ryao Exp $ +# $Header: /var/cvsroot/gentoo-x86/sys-freebsd/freebsd-sources/freebsd-sources-9.0-r4.ebuild,v 1.1 2012/06/27 10:29:23 naota Exp $ inherit bsdmk freebsd flag-o-matic @@ -60,6 +60,9 @@ src_unpack() { # vop_whiteout to tmpfs, so it can be used as an overlay # unionfs filesystem over the cd9660 readonly filesystem. epatch "${FILESDIR}/${PN}-7.0-tmpfs_whiteout_stub.patch" + + epatch "${FILESDIR}/${PN}-cve-2012-0217.patch" + epatch "${FILESDIR}/${PN}-9.0-ipv6refcount.patch" } src_compile() { |