commit:     eb758f6a55fff9cc369b15c431540bb99e56c10b
Author:     Yuta SATOH <nigoro <AT> gentoo <DOT> gr <DOT> jp>
AuthorDate: Sat Jan 31 09:56:03 2015 +0000
Commit:     Yuta SATOH <nigoro.gentoo <AT> 0x100 <DOT> com>
CommitDate: Sat Jan 31 09:56:03 2015 +0000
URL:        
http://sources.gentoo.org/gitweb/?p=proj/gentoo-bsd.git;a=commit;h=eb758f6a

freebsd-sources-10.1.0.9999-r1: security fix CVE-2014-8612, CVE-2014-8613

---
 sys-freebsd/freebsd-sources/Manifest               |   4 +-
 .../files/freebsd-sources-10.1-cve-2014-8612.patch |  45 ++++++++
 .../files/freebsd-sources-10.1-cve-2014-8613.patch | 119 +++++++++++++++++++++
 ...build => freebsd-sources-10.1.0.9999-r1.ebuild} |   4 +-
 4 files changed, 170 insertions(+), 2 deletions(-)

diff --git a/sys-freebsd/freebsd-sources/Manifest 
b/sys-freebsd/freebsd-sources/Manifest
index 4d7802d..ff1ec0e 100644
--- a/sys-freebsd/freebsd-sources/Manifest
+++ b/sys-freebsd/freebsd-sources/Manifest
@@ -3,6 +3,8 @@ AUX freebsd-sources-10.0-EN-1407-pmap.patch 520 SHA256 
64f3fc5765449538fecd6a911
 AUX freebsd-sources-10.0-SA-1417-kmem.patch 10626 SHA256 
217fed19e36d6febc973f2eff141e9d10ff5700122126b9097c36f9642b168e7 SHA512 
0706bef96076723a92664316573c2a877e090213ea50fdde2418d8ea7d98acc76fd45832bb9b66a5af45b6fc97e9d6ab11e7aa561514a4c59ed3afce516d3581
 WHIRLPOOL 
f06b189d12ee4dd7ccec1d84b68297d2b3e33c832440f01c94c07cf5e051e9fa8ef782c28d01f976a017941f832da0be88700575f1092498aaffb7eb931821ac
 AUX freebsd-sources-10.0-clang34.patch 838 SHA256 
2f1b02ff11ac48958857fa07168ea27f4974884cdf850f54f3c61541bf9617d2 SHA512 
63403f328a2c394aefc66a6230e5c7699ca59d809780686055152f53ce5f7b86b7f2b083951e5e51d0a34ed20561f2473a22c3af8919f0336bf6f10a9db03113
 WHIRLPOOL 
5d0779ea5f5609f629d9751e365997ac39c2eaab3c0b8f2153b0ed17bf08896b581f3c109a51634be820f0e40b3cc18c6072b1540a1a270099263c63adfb3d67
 AUX freebsd-sources-10.0-gentoo.patch 713 SHA256 
13588f0572ba95c86beb755ce3d681c963e220694e3c0b3aae29faf05f8479da SHA512 
98b8d1bf033b9bd7147f10e5bb4a39ac4883ec02ef0cc3825541ff11cb9bfe5e7722e7b8dcefe4c356f9fb0f86ec5cad6fbf9b80dbfd04149142fea5f8712d4d
 WHIRLPOOL 
6372ec9abb566d06db174dd20785ab1768487ac2d57799fabad2d45cb77418f0e39aa0bad745c873e1c50de86a70fa80890f7f2f377f6a53f4fd5b7a6fa49edf
+AUX freebsd-sources-10.1-cve-2014-8612.patch 2097 SHA256 
c8ade882a39dd8f65c34b175457cdd93be6eafea67ffb5f977435d48a19b6b68 SHA512 
b233ae1d249bdbf516aba611d081a5a6ccaaab32f9e281cce65136c68c6a47362eac33398d6849a45e4e1c30f02a482287d6339069d29ece0aa5c4d9101e24a4
 WHIRLPOOL 
4713b4d896c561d47686b9f1d53a7e3c912fc58c8039529f0ae244b2cc533aabf20f386a1f9bc8632849ebd084d3739b6be55d4f39a00d484d5d230755497b69
+AUX freebsd-sources-10.1-cve-2014-8613.patch 4181 SHA256 
61b5e717e88671ecc3da9c2b11d4c6d5ddc26f529ed19cb8ce588743cd00af9d SHA512 
30deeb82af385abb0b57cc02752e72d8dda37688df99038910f04558ab064624cb576b1989ba8a7674e3a9046f9607be90596d9bdfb2f28900568291b0f96717
 WHIRLPOOL 
1073a364805b0ef8377dae6e3cd1665de6e4e99612549081fd794a4d92b4b4ee583a68e66f089340dc35129e3fb0bcf00b14b5b71304b6dac744d9a852530fbe
 AUX freebsd-sources-6.0-flex-2.5.31.patch 826 SHA256 
8aaf240a344106fc5434fd098eb6555a554d16513b71c95f93a93388021c3d99 SHA512 
7183b1923019df12849e7d3984c4227d65275077cf95c3b0719b99dc852234eb3813db0e69e9c34bdfca45a59f7340209211d0b7a2a5074c2d1ad8ea0a3a3f64
 WHIRLPOOL 
620ae55a54333c55e44247aad76be467bdfa491dac646f65dc0e0b6b1a95fe8edf5087e9ed68abeac1ef6db1a91c0e673342bf44f8753b6b8a5dce889137cdcc
 AUX freebsd-sources-6.1-ntfs.patch 1043 SHA256 
2eb0e22bea267d7ac41c3dec81682d3cc1f1744316ea39342e2aaae1f2dca469 SHA512 
5401b50ed93bd9155b8adc3f0d6ec81b6e48431bb950cdf468be2e918553e19cd88a1988cdad49be2a34a1db44419cb9eb7067ff0fb1feb8b3f6373aa3c262ad
 WHIRLPOOL 
bf4821beae08e002f290286bc290b2bfeac86db46c1597232f06a23e505d720e34841393d9fb4d7276ff7b98c1c133aae5d58c3ec7b8f12712b51260b981bd14
 AUX freebsd-sources-7.0-tmpfs_whiteout_stub.patch 1015 SHA256 
7857fc90c6d5ed28d848146d50ab5bcd01f79ad3480ad1335929f08e45afbc44 SHA512 
9dc96b967869efd7480785977764e879bf50978b5e609867e678574f9ed1476695690832bdb725eaebc8d93e83b4a0b3fe9f23b94e2de072a6540a168b13c4a7
 WHIRLPOOL 
6841f24f2d3ff569ff0e7bd4d628955c9b61b41aa039bdd1e736fa82f737842101c212d8ae8961d1db335e53ba332cdbec1d021a4c57520e426926981bca4512
@@ -23,6 +25,6 @@ AUX freebsd-sources-9.2-gentoo.patch 716 SHA256 
9a196adef145f57bf960b936f69065f6
 AUX freebsd-sources-cve-2012-0217.patch 856 SHA256 
9b752e65a29b2b9a4a1412765d69d00310c05508af1cfa6d8d3c16d545bb3ffe SHA512 
b1ac18cae23b81fd5ab2fcb44bb9f9808d6eb80f52b8572b81296fdd0b18edee62460520bc753848283d67e13367bf99775a2a5c6cf0272def9cdff6ec6fa4d9
 WHIRLPOOL 
27e4d0647c5275b77123bef6b866ac841af4b1b547fc663f776da82a7889995eba21b930adeabf2a71b3fbe053d2af5583cbdb6e8fd16a0379d10214d24b9121
 AUX freebsd-sources-cve-2012-4576.patch 561 SHA256 
c3ad42e10164eaa3d928fd11a68b5ab490981b5d4684315e7e78c582e680d6c2 SHA512 
451fb9be983672fa8d85d34bf13b67e70ac4bbda44da0c16ee484349bcf4e9ad795f66c36b5216bbcf022f709727dc19760e9f23b001a5768d9fa15dbad8122a
 WHIRLPOOL 
2f261add2b2d9014782198b564a807f1a61917e0fbe91354ce5b1a685b27e312e699b7dc799f1653c952864633be84dda110e37f74378a3c5f1c5aacacb6811d
 EBUILD freebsd-sources-10.0.0.9999-r4.ebuild 3767 SHA256 
157f4aca34c64778cb10fa0682ef2bcb71234a75d764617a2b565335a5fe0e06 SHA512 
4404b0ca857ef88bad1f36238f79ee82a4806fee0207dfaa64c0e152d59f0a86450666d7fe0bff6134fdf8bffda0181f8169d68ae379d5016e49f1f4584f1fc6
 WHIRLPOOL 
b7b8c3cf385134d59d76aa791cec0a290fd0c7c93c2d464084bdff8c4f6f074bff39a1d16ee7008d1b5024c9e75f1b78f07f33ac101a8426875e0e2a72abb0d5
-EBUILD freebsd-sources-10.1.0.9999.ebuild 3814 SHA256 
15e88cf6f13b0e0698535339184fc44e1b8da85e07f1ac36963c670a253c5823 SHA512 
c84eb19285831a9c67452a8a9f6c837f88b5d64fa6307bbc12143d70c90fb2ec70156d2fbb218e581e6e70467a3cb278c0f4359ad0706f16521ad2007cd43a22
 WHIRLPOOL 
3d6ebc4a1f68147cdd2845568ea750c3cdb6cdb4ddfbb2c572a0d832db5903206fbc830cbed129987036a7a123cb9a532345503998b3ba99c37c88b78c107675
+EBUILD freebsd-sources-10.1.0.9999-r1.ebuild 3906 SHA256 
ab19bc3a80568fa08a0f155bb044d9c2e8376c47d46348beb7da74d65be71a73 SHA512 
7c8dc6d0892210598e65718e59c46b43b1d37a85c3c1cc11188b8eee5220f5394caa965a02c439cd0051ce94f1525c61573bb896c207966bd112ec6f705331e8
 WHIRLPOOL 
d9f4b5f989a9ee44b899cb129d0c3eb1dee5fc796f732a9125e7e751d4933c8068f1d45a1ffbfda71ffb5729e31888231e17333eae248b01a8b412a21d252510
 EBUILD freebsd-sources-9.3.0.9999.ebuild 3480 SHA256 
53444c2041f38e45f405f11f3ca98f833ddaec78d0ec9fd2c4d11d2826455404 SHA512 
0d77fbb0c7a02d04f728f728ae89b1839fa042aa29d28189bbf82f378dd909d711f04cad5e9aab2b7ba2796dd50526475f7842664d63d09452a6359b995ef795
 WHIRLPOOL 
032aa9f584e58d1431d542968b927b670b40668e6350e1c3b05e38357d4da0a922ee5bdade75c1d5ca51727b3930cbe1803dec36cabcf91057e4406db2bca9a8
 MISC metadata.xml 410 SHA256 
f29a086ab076d7e7924571990c4cab73cce2aec303e10cf3be057dfa0c8b27fd SHA512 
d949aac7499d418fce878c099d47713112e1856346dbf7478e95c14f37a5f2c2fbd580a21b2330712e439d5be235bc2de69ac182bd46c1727e95fbb3b081dd0f
 WHIRLPOOL 
ffc6ba7653dfa4be5d63231043a64c85a3ad2409f98b8e1f9cf03dd51edb84b1ed0add5a613e591e9f2409c92e3be08e8b3f7f2073fa45f362c19ef72ec7f63d

diff --git 
a/sys-freebsd/freebsd-sources/files/freebsd-sources-10.1-cve-2014-8612.patch 
b/sys-freebsd/freebsd-sources/files/freebsd-sources-10.1-cve-2014-8612.patch
new file mode 100644
index 0000000..7c615d3
--- /dev/null
+++ b/sys-freebsd/freebsd-sources/files/freebsd-sources-10.1-cve-2014-8612.patch
@@ -0,0 +1,45 @@
+Index: sys/netinet/sctp_usrreq.c
+===================================================================
+--- sys/netinet/sctp_usrreq.c  (revision 277788)
++++ sys/netinet/sctp_usrreq.c  (working copy)
+@@ -1863,8 +1863,9 @@ flags_out:
+                       SCTP_CHECK_AND_CAST(av, optval, struct 
sctp_stream_value, *optsize);
+                       SCTP_FIND_STCB(inp, stcb, av->assoc_id);
+                       if (stcb) {
+-                              if 
(stcb->asoc.ss_functions.sctp_ss_get_value(stcb, &stcb->asoc, 
&stcb->asoc.strmout[av->stream_id],
+-                                  &av->stream_value) < 0) {
++                              if ((av->stream_id >= stcb->asoc.streamoutcnt) 
||
++                                  
(stcb->asoc.ss_functions.sctp_ss_get_value(stcb, &stcb->asoc, 
&stcb->asoc.strmout[av->stream_id],
++                                  &av->stream_value) < 0)) {
+                                       SCTP_LTRACE_ERR_RET(inp, NULL, NULL, 
SCTP_FROM_SCTP_USRREQ, EINVAL);
+                                       error = EINVAL;
+                               } else {
+@@ -4032,8 +4033,9 @@ sctp_setopt(struct socket *so, int optname, void *
+                       SCTP_CHECK_AND_CAST(av, optval, struct 
sctp_stream_value, optsize);
+                       SCTP_FIND_STCB(inp, stcb, av->assoc_id);
+                       if (stcb) {
+-                              if 
(stcb->asoc.ss_functions.sctp_ss_set_value(stcb, &stcb->asoc, 
&stcb->asoc.strmout[av->stream_id],
+-                                  av->stream_value) < 0) {
++                              if ((av->stream_id >= stcb->asoc.streamoutcnt) 
||
++                                  
(stcb->asoc.ss_functions.sctp_ss_set_value(stcb, &stcb->asoc, 
&stcb->asoc.strmout[av->stream_id],
++                                  av->stream_value) < 0)) {
+                                       SCTP_LTRACE_ERR_RET(inp, NULL, NULL, 
SCTP_FROM_SCTP_USRREQ, EINVAL);
+                                       error = EINVAL;
+                               }
+@@ -4043,10 +4045,12 @@ sctp_setopt(struct socket *so, int optname, void *
+                                       SCTP_INP_RLOCK(inp);
+                                       LIST_FOREACH(stcb, 
&inp->sctp_asoc_list, sctp_tcblist) {
+                                               SCTP_TCB_LOCK(stcb);
+-                                              
stcb->asoc.ss_functions.sctp_ss_set_value(stcb,
+-                                                  &stcb->asoc,
+-                                                  
&stcb->asoc.strmout[av->stream_id],
+-                                                  av->stream_value);
++                                              if (av->stream_id < 
stcb->asoc.streamoutcnt) {
++                                                      
stcb->asoc.ss_functions.sctp_ss_set_value(stcb,
++                                                          &stcb->asoc,
++                                                          
&stcb->asoc.strmout[av->stream_id],
++                                                          av->stream_value);
++                                              }
+                                               SCTP_TCB_UNLOCK(stcb);
+                                       }
+                                       SCTP_INP_RUNLOCK(inp);
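Review bot: In the loop over all associations (the third embedded hunk, under `LIST_FOREACH(stcb, &inp->sctp_asoc_list, sctp_tcblist)`), an out-of-range `av->stream_id` is skipped without setting `error`, while the single-association path just above returns EINVAL for the same condition. If the asymmetry is intended, a comment at the new `if` would record it, for example `/* stream_id may be valid for only some associations; skip the rest */`. As far as these lines show, a caller whose stream_id matches no association gets success with nothing changed. The sctp_setopt body starts and ends outside the hunk, so later error handling is not visible here.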

diff --git 
a/sys-freebsd/freebsd-sources/files/freebsd-sources-10.1-cve-2014-8613.patch 
b/sys-freebsd/freebsd-sources/files/freebsd-sources-10.1-cve-2014-8613.patch
new file mode 100644
index 0000000..1e2fe91
--- /dev/null
+++ b/sys-freebsd/freebsd-sources/files/freebsd-sources-10.1-cve-2014-8613.patch
@@ -0,0 +1,119 @@
+Index: sys/netinet/sctp_input.c
+===================================================================
+--- sys/netinet/sctp_input.c   (revision 277788)
++++ sys/netinet/sctp_input.c   (working copy)
+@@ -3649,6 +3649,9 @@ sctp_handle_stream_reset_response(struct sctp_tcb
+                                       /* huh ? */
+                                       return (0);
+                               }
++                              if (ntohs(respin->ph.param_length) < 
sizeof(struct sctp_stream_reset_response_tsn)) {
++                                      return (0);
++                              }
+                               if (action == 
SCTP_STREAM_RESET_RESULT_PERFORMED) {
+                                       resp = (struct 
sctp_stream_reset_response_tsn *)respin;
+                                       asoc->stream_reset_outstanding--;
+@@ -4037,7 +4040,7 @@ __attribute__((noinline))
+           sctp_handle_stream_reset(struct sctp_tcb *stcb, struct mbuf *m, int 
offset,
+         struct sctp_chunkhdr *ch_req)
+ {
+-      int chk_length, param_len, ptype;
++      uint16_t remaining_length, param_len, ptype;
+       struct sctp_paramhdr pstore;
+       uint8_t cstore[SCTP_CHUNK_BUFFER_SIZE];
+       uint32_t seq = 0;
+@@ -4050,7 +4053,7 @@ __attribute__((noinline))
+       int num_param = 0;
+ 
+       /* now it may be a reset or a reset-response */
+-      chk_length = ntohs(ch_req->chunk_length);
++      remaining_length = ntohs(ch_req->chunk_length) - sizeof(struct 
sctp_chunkhdr);
+ 
+       /* setup for adding the response */
+       sctp_alloc_a_chunk(stcb, chk);
+@@ -4088,20 +4091,27 @@ strres_nochunk:
+       ch->chunk_length = htons(chk->send_size);
+       SCTP_BUF_LEN(chk->data) = SCTP_SIZE32(chk->send_size);
+       offset += sizeof(struct sctp_chunkhdr);
+-      while ((size_t)chk_length >= sizeof(struct 
sctp_stream_reset_tsn_request)) {
++      while (remaining_length >= sizeof(struct sctp_paramhdr)) {
+               ph = (struct sctp_paramhdr *)sctp_m_getptr(m, offset, 
sizeof(pstore), (uint8_t *) & pstore);
+-              if (ph == NULL)
++              if (ph == NULL) {
++                      /* TSNH */
+                       break;
++              }
+               param_len = ntohs(ph->param_length);
+-              if (param_len < (int)sizeof(struct 
sctp_stream_reset_tsn_request)) {
+-                      /* bad param */
++              if ((param_len > remaining_length) ||
++                  (param_len < (sizeof(struct sctp_paramhdr) + 
sizeof(uint32_t)))) {
++                      /* bad parameter length */
+                       break;
+               }
+-              ph = (struct sctp_paramhdr *)sctp_m_getptr(m, offset, 
min(param_len, (int)sizeof(cstore)),
++              ph = (struct sctp_paramhdr *)sctp_m_getptr(m, offset, 
min(param_len, sizeof(cstore)),
+                   (uint8_t *) & cstore);
++              if (ph == NULL) {
++                      /* TSNH */
++                      break;
++              }
+               ptype = ntohs(ph->param_type);
+               num_param++;
+-              if (param_len > (int)sizeof(cstore)) {
++              if (param_len > sizeof(cstore)) {
+                       trunc = 1;
+               } else {
+                       trunc = 0;
+@@ -4113,6 +4123,9 @@ strres_nochunk:
+               if (ptype == SCTP_STR_RESET_OUT_REQUEST) {
+                       struct sctp_stream_reset_out_request *req_out;
+ 
++                      if (param_len < sizeof(struct 
sctp_stream_reset_out_request)) {
++                              break;
++                      }
+                       req_out = (struct sctp_stream_reset_out_request *)ph;
+                       num_req++;
+                       if (stcb->asoc.stream_reset_outstanding) {
+@@ -4126,6 +4139,9 @@ strres_nochunk:
+               } else if (ptype == SCTP_STR_RESET_ADD_OUT_STREAMS) {
+                       struct sctp_stream_reset_add_strm *str_add;
+ 
++                      if (param_len < sizeof(struct 
sctp_stream_reset_add_strm)) {
++                              break;
++                      }
+                       str_add = (struct sctp_stream_reset_add_strm *)ph;
+                       num_req++;
+                       sctp_handle_str_reset_add_strm(stcb, chk, str_add);
+@@ -4132,6 +4148,9 @@ strres_nochunk:
+               } else if (ptype == SCTP_STR_RESET_ADD_IN_STREAMS) {
+                       struct sctp_stream_reset_add_strm *str_add;
+ 
++                      if (param_len < sizeof(struct 
sctp_stream_reset_add_strm)) {
++                              break;
++                      }
+                       str_add = (struct sctp_stream_reset_add_strm *)ph;
+                       num_req++;
+                       sctp_handle_str_reset_add_out_strm(stcb, chk, str_add);
+@@ -4156,6 +4175,9 @@ strres_nochunk:
+                       struct sctp_stream_reset_response *resp;
+                       uint32_t result;
+ 
++                      if (param_len < sizeof(struct 
sctp_stream_reset_response)) {
++                              break;
++                      }
+                       resp = (struct sctp_stream_reset_response *)ph;
+                       seq = ntohl(resp->response_seq);
+                       result = ntohl(resp->result);
+@@ -4167,7 +4189,11 @@ strres_nochunk:
+                       break;
+               }
+               offset += SCTP_SIZE32(param_len);
+-              chk_length -= SCTP_SIZE32(param_len);
++              if (remaining_length >= SCTP_SIZE32(param_len)) {
++                      remaining_length -= SCTP_SIZE32(param_len);
++              } else {
++                      remaining_length = 0;
++              }
+       }
+       if (num_req == 0) {
+               /* we have no response free the stuff */
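Review bot: The new `remaining_length = ntohs(ch_req->chunk_length) - sizeof(struct sctp_chunkhdr);` wraps when chunk_length is smaller than the chunk header, because the result is stored in a `uint16_t`, and the parameter loop would then start with a large remaining_length. The caller presumably validates chunk_length before calling sctp_handle_stream_reset, but that is not visible here. Either state the precondition in a comment, `/* caller guarantees chunk_length >= sizeof(struct sctp_chunkhdr) */`, or clamp remaining_length to 0 when the chunk is shorter than its header. The added NULL checks after both sctp_m_getptr() calls presumably still stop the walk at the end of the mbuf data, so this is a hardening point rather than a demonstrated overread. The function body starts and ends outside the embedded hunks.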

diff --git a/sys-freebsd/freebsd-sources/freebsd-sources-10.1.0.9999.ebuild 
b/sys-freebsd/freebsd-sources/freebsd-sources-10.1.0.9999-r1.ebuild
similarity index 96%
rename from sys-freebsd/freebsd-sources/freebsd-sources-10.1.0.9999.ebuild
rename to sys-freebsd/freebsd-sources/freebsd-sources-10.1.0.9999-r1.ebuild
index 0e7a8df..fce83da 100644
--- a/sys-freebsd/freebsd-sources/freebsd-sources-10.1.0.9999.ebuild
+++ b/sys-freebsd/freebsd-sources/freebsd-sources-10.1.0.9999-r1.ebuild
@@ -42,7 +42,9 @@ PATCHES=( "${FILESDIR}/${PN}-9.0-disable-optimization.patch"
        "${FILESDIR}/${PN}-8.0-subnet-route-pr40133.patch"
        "${FILESDIR}/${PN}-7.1-includes.patch"
        "${FILESDIR}/${PN}-9.0-sysctluint.patch"
-       "${FILESDIR}/${PN}-9.2-gentoo-gcc.patch" )
+       "${FILESDIR}/${PN}-9.2-gentoo-gcc.patch"
+       "${FILESDIR}/${PN}-10.1-cve-2014-8612.patch"
+       "${FILESDIR}/${PN}-10.1-cve-2014-8613.patch" )
 
 pkg_setup() {
        # Force set CC=clang. when using gcc, aesni fails to build.
