commit: eb758f6a55fff9cc369b15c431540bb99e56c10b Author: Yuta SATOH <nigoro <AT> gentoo <DOT> gr <DOT> jp> AuthorDate: Sat Jan 31 09:56:03 2015 +0000 Commit: Yuta SATOH <nigoro.gentoo <AT> 0x100 <DOT> com> CommitDate: Sat Jan 31 09:56:03 2015 +0000 URL: http://sources.gentoo.org/gitweb/?p=proj/gentoo-bsd.git;a=commit;h=eb758f6a
freebsd-sources-10.1.0.9999-r1: security fix CVE-2014-8612, CVE-2014-8613 --- sys-freebsd/freebsd-sources/Manifest | 4 +- .../files/freebsd-sources-10.1-cve-2014-8612.patch | 45 ++++++++ .../files/freebsd-sources-10.1-cve-2014-8613.patch | 119 +++++++++++++++++++++ ...build => freebsd-sources-10.1.0.9999-r1.ebuild} | 4 +- 4 files changed, 170 insertions(+), 2 deletions(-) diff --git a/sys-freebsd/freebsd-sources/Manifest b/sys-freebsd/freebsd-sources/Manifest index 4d7802d..ff1ec0e 100644 --- a/sys-freebsd/freebsd-sources/Manifest +++ b/sys-freebsd/freebsd-sources/Manifest @@ -3,6 +3,8 @@ AUX freebsd-sources-10.0-EN-1407-pmap.patch 520 SHA256 64f3fc5765449538fecd6a911 AUX freebsd-sources-10.0-SA-1417-kmem.patch 10626 SHA256 217fed19e36d6febc973f2eff141e9d10ff5700122126b9097c36f9642b168e7 SHA512 0706bef96076723a92664316573c2a877e090213ea50fdde2418d8ea7d98acc76fd45832bb9b66a5af45b6fc97e9d6ab11e7aa561514a4c59ed3afce516d3581 WHIRLPOOL f06b189d12ee4dd7ccec1d84b68297d2b3e33c832440f01c94c07cf5e051e9fa8ef782c28d01f976a017941f832da0be88700575f1092498aaffb7eb931821ac AUX freebsd-sources-10.0-clang34.patch 838 SHA256 2f1b02ff11ac48958857fa07168ea27f4974884cdf850f54f3c61541bf9617d2 SHA512 63403f328a2c394aefc66a6230e5c7699ca59d809780686055152f53ce5f7b86b7f2b083951e5e51d0a34ed20561f2473a22c3af8919f0336bf6f10a9db03113 WHIRLPOOL 5d0779ea5f5609f629d9751e365997ac39c2eaab3c0b8f2153b0ed17bf08896b581f3c109a51634be820f0e40b3cc18c6072b1540a1a270099263c63adfb3d67 AUX freebsd-sources-10.0-gentoo.patch 713 SHA256 13588f0572ba95c86beb755ce3d681c963e220694e3c0b3aae29faf05f8479da SHA512 98b8d1bf033b9bd7147f10e5bb4a39ac4883ec02ef0cc3825541ff11cb9bfe5e7722e7b8dcefe4c356f9fb0f86ec5cad6fbf9b80dbfd04149142fea5f8712d4d WHIRLPOOL 6372ec9abb566d06db174dd20785ab1768487ac2d57799fabad2d45cb77418f0e39aa0bad745c873e1c50de86a70fa80890f7f2f377f6a53f4fd5b7a6fa49edf +AUX freebsd-sources-10.1-cve-2014-8612.patch 2097 SHA256 c8ade882a39dd8f65c34b175457cdd93be6eafea67ffb5f977435d48a19b6b68 SHA512 b233ae1d249bdbf516aba611d081a5a6ccaaab32f9e281cce65136c68c6a47362eac33398d6849a45e4e1c30f02a482287d6339069d29ece0aa5c4d9101e24a4 WHIRLPOOL 4713b4d896c561d47686b9f1d53a7e3c912fc58c8039529f0ae244b2cc533aabf20f386a1f9bc8632849ebd084d3739b6be55d4f39a00d484d5d230755497b69 +AUX freebsd-sources-10.1-cve-2014-8613.patch 4181 SHA256 61b5e717e88671ecc3da9c2b11d4c6d5ddc26f529ed19cb8ce588743cd00af9d SHA512 30deeb82af385abb0b57cc02752e72d8dda37688df99038910f04558ab064624cb576b1989ba8a7674e3a9046f9607be90596d9bdfb2f28900568291b0f96717 WHIRLPOOL 1073a364805b0ef8377dae6e3cd1665de6e4e99612549081fd794a4d92b4b4ee583a68e66f089340dc35129e3fb0bcf00b14b5b71304b6dac744d9a852530fbe AUX freebsd-sources-6.0-flex-2.5.31.patch 826 SHA256 8aaf240a344106fc5434fd098eb6555a554d16513b71c95f93a93388021c3d99 SHA512 7183b1923019df12849e7d3984c4227d65275077cf95c3b0719b99dc852234eb3813db0e69e9c34bdfca45a59f7340209211d0b7a2a5074c2d1ad8ea0a3a3f64 WHIRLPOOL 620ae55a54333c55e44247aad76be467bdfa491dac646f65dc0e0b6b1a95fe8edf5087e9ed68abeac1ef6db1a91c0e673342bf44f8753b6b8a5dce889137cdcc AUX freebsd-sources-6.1-ntfs.patch 1043 SHA256 2eb0e22bea267d7ac41c3dec81682d3cc1f1744316ea39342e2aaae1f2dca469 SHA512 5401b50ed93bd9155b8adc3f0d6ec81b6e48431bb950cdf468be2e918553e19cd88a1988cdad49be2a34a1db44419cb9eb7067ff0fb1feb8b3f6373aa3c262ad WHIRLPOOL bf4821beae08e002f290286bc290b2bfeac86db46c1597232f06a23e505d720e34841393d9fb4d7276ff7b98c1c133aae5d58c3ec7b8f12712b51260b981bd14 AUX freebsd-sources-7.0-tmpfs_whiteout_stub.patch 1015 SHA256 7857fc90c6d5ed28d848146d50ab5bcd01f79ad3480ad1335929f08e45afbc44 SHA512 9dc96b967869efd7480785977764e879bf50978b5e609867e678574f9ed1476695690832bdb725eaebc8d93e83b4a0b3fe9f23b94e2de072a6540a168b13c4a7 WHIRLPOOL 6841f24f2d3ff569ff0e7bd4d628955c9b61b41aa039bdd1e736fa82f737842101c212d8ae8961d1db335e53ba332cdbec1d021a4c57520e426926981bca4512 @@ -23,6 +25,6 @@ AUX freebsd-sources-9.2-gentoo.patch 716 SHA256 9a196adef145f57bf960b936f69065f6 AUX freebsd-sources-cve-2012-0217.patch 856 SHA256 9b752e65a29b2b9a4a1412765d69d00310c05508af1cfa6d8d3c16d545bb3ffe SHA512 b1ac18cae23b81fd5ab2fcb44bb9f9808d6eb80f52b8572b81296fdd0b18edee62460520bc753848283d67e13367bf99775a2a5c6cf0272def9cdff6ec6fa4d9 WHIRLPOOL 27e4d0647c5275b77123bef6b866ac841af4b1b547fc663f776da82a7889995eba21b930adeabf2a71b3fbe053d2af5583cbdb6e8fd16a0379d10214d24b9121 AUX freebsd-sources-cve-2012-4576.patch 561 SHA256 c3ad42e10164eaa3d928fd11a68b5ab490981b5d4684315e7e78c582e680d6c2 SHA512 451fb9be983672fa8d85d34bf13b67e70ac4bbda44da0c16ee484349bcf4e9ad795f66c36b5216bbcf022f709727dc19760e9f23b001a5768d9fa15dbad8122a WHIRLPOOL 2f261add2b2d9014782198b564a807f1a61917e0fbe91354ce5b1a685b27e312e699b7dc799f1653c952864633be84dda110e37f74378a3c5f1c5aacacb6811d EBUILD freebsd-sources-10.0.0.9999-r4.ebuild 3767 SHA256 157f4aca34c64778cb10fa0682ef2bcb71234a75d764617a2b565335a5fe0e06 SHA512 4404b0ca857ef88bad1f36238f79ee82a4806fee0207dfaa64c0e152d59f0a86450666d7fe0bff6134fdf8bffda0181f8169d68ae379d5016e49f1f4584f1fc6 WHIRLPOOL b7b8c3cf385134d59d76aa791cec0a290fd0c7c93c2d464084bdff8c4f6f074bff39a1d16ee7008d1b5024c9e75f1b78f07f33ac101a8426875e0e2a72abb0d5 -EBUILD freebsd-sources-10.1.0.9999.ebuild 3814 SHA256 15e88cf6f13b0e0698535339184fc44e1b8da85e07f1ac36963c670a253c5823 SHA512 c84eb19285831a9c67452a8a9f6c837f88b5d64fa6307bbc12143d70c90fb2ec70156d2fbb218e581e6e70467a3cb278c0f4359ad0706f16521ad2007cd43a22 WHIRLPOOL 3d6ebc4a1f68147cdd2845568ea750c3cdb6cdb4ddfbb2c572a0d832db5903206fbc830cbed129987036a7a123cb9a532345503998b3ba99c37c88b78c107675 +EBUILD freebsd-sources-10.1.0.9999-r1.ebuild 3906 SHA256 ab19bc3a80568fa08a0f155bb044d9c2e8376c47d46348beb7da74d65be71a73 SHA512 7c8dc6d0892210598e65718e59c46b43b1d37a85c3c1cc11188b8eee5220f5394caa965a02c439cd0051ce94f1525c61573bb896c207966bd112ec6f705331e8 WHIRLPOOL d9f4b5f989a9ee44b899cb129d0c3eb1dee5fc796f732a9125e7e751d4933c8068f1d45a1ffbfda71ffb5729e31888231e17333eae248b01a8b412a21d252510 EBUILD freebsd-sources-9.3.0.9999.ebuild 3480 SHA256 53444c2041f38e45f405f11f3ca98f833ddaec78d0ec9fd2c4d11d2826455404 SHA512 0d77fbb0c7a02d04f728f728ae89b1839fa042aa29d28189bbf82f378dd909d711f04cad5e9aab2b7ba2796dd50526475f7842664d63d09452a6359b995ef795 WHIRLPOOL 032aa9f584e58d1431d542968b927b670b40668e6350e1c3b05e38357d4da0a922ee5bdade75c1d5ca51727b3930cbe1803dec36cabcf91057e4406db2bca9a8 MISC metadata.xml 410 SHA256 f29a086ab076d7e7924571990c4cab73cce2aec303e10cf3be057dfa0c8b27fd SHA512 d949aac7499d418fce878c099d47713112e1856346dbf7478e95c14f37a5f2c2fbd580a21b2330712e439d5be235bc2de69ac182bd46c1727e95fbb3b081dd0f WHIRLPOOL ffc6ba7653dfa4be5d63231043a64c85a3ad2409f98b8e1f9cf03dd51edb84b1ed0add5a613e591e9f2409c92e3be08e8b3f7f2073fa45f362c19ef72ec7f63d diff --git a/sys-freebsd/freebsd-sources/files/freebsd-sources-10.1-cve-2014-8612.patch b/sys-freebsd/freebsd-sources/files/freebsd-sources-10.1-cve-2014-8612.patch new file mode 100644 index 0000000..7c615d3 --- /dev/null +++ b/sys-freebsd/freebsd-sources/files/freebsd-sources-10.1-cve-2014-8612.patch @@ -0,0 +1,45 @@ +Index: sys/netinet/sctp_usrreq.c +=================================================================== +--- sys/netinet/sctp_usrreq.c (revision 277788) ++++ sys/netinet/sctp_usrreq.c (working copy) +@@ -1863,8 +1863,9 @@ flags_out: + SCTP_CHECK_AND_CAST(av, optval, struct sctp_stream_value, *optsize); + SCTP_FIND_STCB(inp, stcb, av->assoc_id); + if (stcb) { +- if (stcb->asoc.ss_functions.sctp_ss_get_value(stcb, &stcb->asoc, &stcb->asoc.strmout[av->stream_id], +- &av->stream_value) < 0) { ++ if ((av->stream_id >= stcb->asoc.streamoutcnt) || ++ (stcb->asoc.ss_functions.sctp_ss_get_value(stcb, &stcb->asoc, &stcb->asoc.strmout[av->stream_id], ++ &av->stream_value) < 0)) { + SCTP_LTRACE_ERR_RET(inp, NULL, NULL, SCTP_FROM_SCTP_USRREQ, EINVAL); + error = EINVAL; + } else { +@@ -4032,8 +4033,9 @@ sctp_setopt(struct socket *so, int optname, void * + SCTP_CHECK_AND_CAST(av, optval, struct sctp_stream_value, optsize); + SCTP_FIND_STCB(inp, stcb, av->assoc_id); + if (stcb) { +- if (stcb->asoc.ss_functions.sctp_ss_set_value(stcb, &stcb->asoc, &stcb->asoc.strmout[av->stream_id], +- av->stream_value) < 0) { ++ if ((av->stream_id >= stcb->asoc.streamoutcnt) || ++ (stcb->asoc.ss_functions.sctp_ss_set_value(stcb, &stcb->asoc, &stcb->asoc.strmout[av->stream_id], ++ av->stream_value) < 0)) { + SCTP_LTRACE_ERR_RET(inp, NULL, NULL, SCTP_FROM_SCTP_USRREQ, EINVAL); + error = EINVAL; + } +@@ -4043,10 +4045,12 @@ sctp_setopt(struct socket *so, int optname, void * + SCTP_INP_RLOCK(inp); + LIST_FOREACH(stcb, &inp->sctp_asoc_list, sctp_tcblist) { + SCTP_TCB_LOCK(stcb); +- stcb->asoc.ss_functions.sctp_ss_set_value(stcb, +- &stcb->asoc, +- &stcb->asoc.strmout[av->stream_id], +- av->stream_value); ++ if (av->stream_id < stcb->asoc.streamoutcnt) { ++ stcb->asoc.ss_functions.sctp_ss_set_value(stcb, ++ &stcb->asoc, ++ &stcb->asoc.strmout[av->stream_id], ++ av->stream_value); ++ } + SCTP_TCB_UNLOCK(stcb); + } + SCTP_INP_RUNLOCK(inp); diff --git a/sys-freebsd/freebsd-sources/files/freebsd-sources-10.1-cve-2014-8613.patch b/sys-freebsd/freebsd-sources/files/freebsd-sources-10.1-cve-2014-8613.patch new file mode 100644 index 0000000..1e2fe91 --- /dev/null +++ b/sys-freebsd/freebsd-sources/files/freebsd-sources-10.1-cve-2014-8613.patch @@ -0,0 +1,119 @@ +Index: sys/netinet/sctp_input.c +=================================================================== +--- sys/netinet/sctp_input.c (revision 277788) ++++ sys/netinet/sctp_input.c (working copy) +@@ -3649,6 +3649,9 @@ sctp_handle_stream_reset_response(struct sctp_tcb + /* huh ? */ + return (0); + } ++ if (ntohs(respin->ph.param_length) < sizeof(struct sctp_stream_reset_response_tsn)) { ++ return (0); ++ } + if (action == SCTP_STREAM_RESET_RESULT_PERFORMED) { + resp = (struct sctp_stream_reset_response_tsn *)respin; + asoc->stream_reset_outstanding--; +@@ -4037,7 +4040,7 @@ __attribute__((noinline)) + sctp_handle_stream_reset(struct sctp_tcb *stcb, struct mbuf *m, int offset, + struct sctp_chunkhdr *ch_req) + { +- int chk_length, param_len, ptype; ++ uint16_t remaining_length, param_len, ptype; + struct sctp_paramhdr pstore; + uint8_t cstore[SCTP_CHUNK_BUFFER_SIZE]; + uint32_t seq = 0; +@@ -4050,7 +4053,7 @@ __attribute__((noinline)) + int num_param = 0; + + /* now it may be a reset or a reset-response */ +- chk_length = ntohs(ch_req->chunk_length); ++ remaining_length = ntohs(ch_req->chunk_length) - sizeof(struct sctp_chunkhdr); + + /* setup for adding the response */ + sctp_alloc_a_chunk(stcb, chk); +@@ -4088,20 +4091,27 @@ strres_nochunk: + ch->chunk_length = htons(chk->send_size); + SCTP_BUF_LEN(chk->data) = SCTP_SIZE32(chk->send_size); + offset += sizeof(struct sctp_chunkhdr); +- while ((size_t)chk_length >= sizeof(struct sctp_stream_reset_tsn_request)) { ++ while (remaining_length >= sizeof(struct sctp_paramhdr)) { + ph = (struct sctp_paramhdr *)sctp_m_getptr(m, offset, sizeof(pstore), (uint8_t *) & pstore); +- if (ph == NULL) ++ if (ph == NULL) { ++ /* TSNH */ + break; ++ } + param_len = ntohs(ph->param_length); +- if (param_len < (int)sizeof(struct sctp_stream_reset_tsn_request)) { +- /* bad param */ ++ if ((param_len > remaining_length) || ++ (param_len < (sizeof(struct sctp_paramhdr) + sizeof(uint32_t)))) { ++ /* bad parameter length */ + break; + } +- ph = (struct sctp_paramhdr *)sctp_m_getptr(m, offset, min(param_len, (int)sizeof(cstore)), ++ ph = (struct sctp_paramhdr *)sctp_m_getptr(m, offset, min(param_len, sizeof(cstore)), + (uint8_t *) & cstore); ++ if (ph == NULL) { ++ /* TSNH */ ++ break; ++ } + ptype = ntohs(ph->param_type); + num_param++; +- if (param_len > (int)sizeof(cstore)) { ++ if (param_len > sizeof(cstore)) { + trunc = 1; + } else { + trunc = 0; +@@ -4113,6 +4123,9 @@ strres_nochunk: + if (ptype == SCTP_STR_RESET_OUT_REQUEST) { + struct sctp_stream_reset_out_request *req_out; + ++ if (param_len < sizeof(struct sctp_stream_reset_out_request)) { ++ break; ++ } + req_out = (struct sctp_stream_reset_out_request *)ph; + num_req++; + if (stcb->asoc.stream_reset_outstanding) { +@@ -4126,6 +4139,9 @@ strres_nochunk: + } else if (ptype == SCTP_STR_RESET_ADD_OUT_STREAMS) { + struct sctp_stream_reset_add_strm *str_add; + ++ if (param_len < sizeof(struct sctp_stream_reset_add_strm)) { ++ break; ++ } + str_add = (struct sctp_stream_reset_add_strm *)ph; + num_req++; + sctp_handle_str_reset_add_strm(stcb, chk, str_add); +@@ -4132,6 +4148,9 @@ strres_nochunk: + } else if (ptype == SCTP_STR_RESET_ADD_IN_STREAMS) { + struct sctp_stream_reset_add_strm *str_add; + ++ if (param_len < sizeof(struct sctp_stream_reset_add_strm)) { ++ break; ++ } + str_add = (struct sctp_stream_reset_add_strm *)ph; + num_req++; + sctp_handle_str_reset_add_out_strm(stcb, chk, str_add); +@@ -4156,6 +4175,9 @@ strres_nochunk: + struct sctp_stream_reset_response *resp; + uint32_t result; + ++ if (param_len < sizeof(struct sctp_stream_reset_response)) { ++ break; ++ } + resp = (struct sctp_stream_reset_response *)ph; + seq = ntohl(resp->response_seq); + result = ntohl(resp->result); +@@ -4167,7 +4189,11 @@ strres_nochunk: + break; + } + offset += SCTP_SIZE32(param_len); +- chk_length -= SCTP_SIZE32(param_len); ++ if (remaining_length >= SCTP_SIZE32(param_len)) { ++ remaining_length -= SCTP_SIZE32(param_len); ++ } else { ++ remaining_length = 0; ++ } + } + if (num_req == 0) { + /* we have no response free the stuff */ diff --git a/sys-freebsd/freebsd-sources/freebsd-sources-10.1.0.9999.ebuild b/sys-freebsd/freebsd-sources/freebsd-sources-10.1.0.9999-r1.ebuild similarity index 96% rename from sys-freebsd/freebsd-sources/freebsd-sources-10.1.0.9999.ebuild rename to sys-freebsd/freebsd-sources/freebsd-sources-10.1.0.9999-r1.ebuild index 0e7a8df..fce83da 100644 --- a/sys-freebsd/freebsd-sources/freebsd-sources-10.1.0.9999.ebuild +++ b/sys-freebsd/freebsd-sources/freebsd-sources-10.1.0.9999-r1.ebuild @@ -42,7 +42,9 @@ PATCHES=( "${FILESDIR}/${PN}-9.0-disable-optimization.patch" "${FILESDIR}/${PN}-8.0-subnet-route-pr40133.patch" "${FILESDIR}/${PN}-7.1-includes.patch" "${FILESDIR}/${PN}-9.0-sysctluint.patch" - "${FILESDIR}/${PN}-9.2-gentoo-gcc.patch" ) + "${FILESDIR}/${PN}-9.2-gentoo-gcc.patch" + "${FILESDIR}/${PN}-10.1-cve-2014-8612.patch" + "${FILESDIR}/${PN}-10.1-cve-2014-8613.patch" ) pkg_setup() { # Force set CC=clang. when using gcc, aesni fails to build.