1 |
commit: eb758f6a55fff9cc369b15c431540bb99e56c10b |
2 |
Author: Yuta SATOH <nigoro <AT> gentoo <DOT> gr <DOT> jp> |
3 |
AuthorDate: Sat Jan 31 09:56:03 2015 +0000 |
4 |
Commit: Yuta SATOH <nigoro.gentoo <AT> 0x100 <DOT> com> |
5 |
CommitDate: Sat Jan 31 09:56:03 2015 +0000 |
6 |
URL: http://sources.gentoo.org/gitweb/?p=proj/gentoo-bsd.git;a=commit;h=eb758f6a |
7 |
|
8 |
freebsd-sources-10.1.0.9999-r1: security fix CVE-2014-8612, CVE-2014-8613 |
9 |
|
10 |
--- |
11 |
sys-freebsd/freebsd-sources/Manifest | 4 +- |
12 |
.../files/freebsd-sources-10.1-cve-2014-8612.patch | 45 ++++++++ |
13 |
.../files/freebsd-sources-10.1-cve-2014-8613.patch | 119 +++++++++++++++++++++ |
14 |
...build => freebsd-sources-10.1.0.9999-r1.ebuild} | 4 +- |
15 |
4 files changed, 170 insertions(+), 2 deletions(-) |
16 |
|
17 |
diff --git a/sys-freebsd/freebsd-sources/Manifest b/sys-freebsd/freebsd-sources/Manifest |
18 |
index 4d7802d..ff1ec0e 100644 |
19 |
--- a/sys-freebsd/freebsd-sources/Manifest |
20 |
+++ b/sys-freebsd/freebsd-sources/Manifest |
21 |
@@ -3,6 +3,8 @@ AUX freebsd-sources-10.0-EN-1407-pmap.patch 520 SHA256 64f3fc5765449538fecd6a911 |
22 |
AUX freebsd-sources-10.0-SA-1417-kmem.patch 10626 SHA256 217fed19e36d6febc973f2eff141e9d10ff5700122126b9097c36f9642b168e7 SHA512 0706bef96076723a92664316573c2a877e090213ea50fdde2418d8ea7d98acc76fd45832bb9b66a5af45b6fc97e9d6ab11e7aa561514a4c59ed3afce516d3581 WHIRLPOOL f06b189d12ee4dd7ccec1d84b68297d2b3e33c832440f01c94c07cf5e051e9fa8ef782c28d01f976a017941f832da0be88700575f1092498aaffb7eb931821ac |
23 |
AUX freebsd-sources-10.0-clang34.patch 838 SHA256 2f1b02ff11ac48958857fa07168ea27f4974884cdf850f54f3c61541bf9617d2 SHA512 63403f328a2c394aefc66a6230e5c7699ca59d809780686055152f53ce5f7b86b7f2b083951e5e51d0a34ed20561f2473a22c3af8919f0336bf6f10a9db03113 WHIRLPOOL 5d0779ea5f5609f629d9751e365997ac39c2eaab3c0b8f2153b0ed17bf08896b581f3c109a51634be820f0e40b3cc18c6072b1540a1a270099263c63adfb3d67 |
24 |
AUX freebsd-sources-10.0-gentoo.patch 713 SHA256 13588f0572ba95c86beb755ce3d681c963e220694e3c0b3aae29faf05f8479da SHA512 98b8d1bf033b9bd7147f10e5bb4a39ac4883ec02ef0cc3825541ff11cb9bfe5e7722e7b8dcefe4c356f9fb0f86ec5cad6fbf9b80dbfd04149142fea5f8712d4d WHIRLPOOL 6372ec9abb566d06db174dd20785ab1768487ac2d57799fabad2d45cb77418f0e39aa0bad745c873e1c50de86a70fa80890f7f2f377f6a53f4fd5b7a6fa49edf |
25 |
+AUX freebsd-sources-10.1-cve-2014-8612.patch 2097 SHA256 c8ade882a39dd8f65c34b175457cdd93be6eafea67ffb5f977435d48a19b6b68 SHA512 b233ae1d249bdbf516aba611d081a5a6ccaaab32f9e281cce65136c68c6a47362eac33398d6849a45e4e1c30f02a482287d6339069d29ece0aa5c4d9101e24a4 WHIRLPOOL 4713b4d896c561d47686b9f1d53a7e3c912fc58c8039529f0ae244b2cc533aabf20f386a1f9bc8632849ebd084d3739b6be55d4f39a00d484d5d230755497b69 |
26 |
+AUX freebsd-sources-10.1-cve-2014-8613.patch 4181 SHA256 61b5e717e88671ecc3da9c2b11d4c6d5ddc26f529ed19cb8ce588743cd00af9d SHA512 30deeb82af385abb0b57cc02752e72d8dda37688df99038910f04558ab064624cb576b1989ba8a7674e3a9046f9607be90596d9bdfb2f28900568291b0f96717 WHIRLPOOL 1073a364805b0ef8377dae6e3cd1665de6e4e99612549081fd794a4d92b4b4ee583a68e66f089340dc35129e3fb0bcf00b14b5b71304b6dac744d9a852530fbe |
27 |
AUX freebsd-sources-6.0-flex-2.5.31.patch 826 SHA256 8aaf240a344106fc5434fd098eb6555a554d16513b71c95f93a93388021c3d99 SHA512 7183b1923019df12849e7d3984c4227d65275077cf95c3b0719b99dc852234eb3813db0e69e9c34bdfca45a59f7340209211d0b7a2a5074c2d1ad8ea0a3a3f64 WHIRLPOOL 620ae55a54333c55e44247aad76be467bdfa491dac646f65dc0e0b6b1a95fe8edf5087e9ed68abeac1ef6db1a91c0e673342bf44f8753b6b8a5dce889137cdcc |
28 |
AUX freebsd-sources-6.1-ntfs.patch 1043 SHA256 2eb0e22bea267d7ac41c3dec81682d3cc1f1744316ea39342e2aaae1f2dca469 SHA512 5401b50ed93bd9155b8adc3f0d6ec81b6e48431bb950cdf468be2e918553e19cd88a1988cdad49be2a34a1db44419cb9eb7067ff0fb1feb8b3f6373aa3c262ad WHIRLPOOL bf4821beae08e002f290286bc290b2bfeac86db46c1597232f06a23e505d720e34841393d9fb4d7276ff7b98c1c133aae5d58c3ec7b8f12712b51260b981bd14 |
29 |
AUX freebsd-sources-7.0-tmpfs_whiteout_stub.patch 1015 SHA256 7857fc90c6d5ed28d848146d50ab5bcd01f79ad3480ad1335929f08e45afbc44 SHA512 9dc96b967869efd7480785977764e879bf50978b5e609867e678574f9ed1476695690832bdb725eaebc8d93e83b4a0b3fe9f23b94e2de072a6540a168b13c4a7 WHIRLPOOL 6841f24f2d3ff569ff0e7bd4d628955c9b61b41aa039bdd1e736fa82f737842101c212d8ae8961d1db335e53ba332cdbec1d021a4c57520e426926981bca4512 |
30 |
@@ -23,6 +25,6 @@ AUX freebsd-sources-9.2-gentoo.patch 716 SHA256 9a196adef145f57bf960b936f69065f6 |
31 |
AUX freebsd-sources-cve-2012-0217.patch 856 SHA256 9b752e65a29b2b9a4a1412765d69d00310c05508af1cfa6d8d3c16d545bb3ffe SHA512 b1ac18cae23b81fd5ab2fcb44bb9f9808d6eb80f52b8572b81296fdd0b18edee62460520bc753848283d67e13367bf99775a2a5c6cf0272def9cdff6ec6fa4d9 WHIRLPOOL 27e4d0647c5275b77123bef6b866ac841af4b1b547fc663f776da82a7889995eba21b930adeabf2a71b3fbe053d2af5583cbdb6e8fd16a0379d10214d24b9121 |
32 |
AUX freebsd-sources-cve-2012-4576.patch 561 SHA256 c3ad42e10164eaa3d928fd11a68b5ab490981b5d4684315e7e78c582e680d6c2 SHA512 451fb9be983672fa8d85d34bf13b67e70ac4bbda44da0c16ee484349bcf4e9ad795f66c36b5216bbcf022f709727dc19760e9f23b001a5768d9fa15dbad8122a WHIRLPOOL 2f261add2b2d9014782198b564a807f1a61917e0fbe91354ce5b1a685b27e312e699b7dc799f1653c952864633be84dda110e37f74378a3c5f1c5aacacb6811d |
33 |
EBUILD freebsd-sources-10.0.0.9999-r4.ebuild 3767 SHA256 157f4aca34c64778cb10fa0682ef2bcb71234a75d764617a2b565335a5fe0e06 SHA512 4404b0ca857ef88bad1f36238f79ee82a4806fee0207dfaa64c0e152d59f0a86450666d7fe0bff6134fdf8bffda0181f8169d68ae379d5016e49f1f4584f1fc6 WHIRLPOOL b7b8c3cf385134d59d76aa791cec0a290fd0c7c93c2d464084bdff8c4f6f074bff39a1d16ee7008d1b5024c9e75f1b78f07f33ac101a8426875e0e2a72abb0d5 |
34 |
-EBUILD freebsd-sources-10.1.0.9999.ebuild 3814 SHA256 15e88cf6f13b0e0698535339184fc44e1b8da85e07f1ac36963c670a253c5823 SHA512 c84eb19285831a9c67452a8a9f6c837f88b5d64fa6307bbc12143d70c90fb2ec70156d2fbb218e581e6e70467a3cb278c0f4359ad0706f16521ad2007cd43a22 WHIRLPOOL 3d6ebc4a1f68147cdd2845568ea750c3cdb6cdb4ddfbb2c572a0d832db5903206fbc830cbed129987036a7a123cb9a532345503998b3ba99c37c88b78c107675 |
35 |
+EBUILD freebsd-sources-10.1.0.9999-r1.ebuild 3906 SHA256 ab19bc3a80568fa08a0f155bb044d9c2e8376c47d46348beb7da74d65be71a73 SHA512 7c8dc6d0892210598e65718e59c46b43b1d37a85c3c1cc11188b8eee5220f5394caa965a02c439cd0051ce94f1525c61573bb896c207966bd112ec6f705331e8 WHIRLPOOL d9f4b5f989a9ee44b899cb129d0c3eb1dee5fc796f732a9125e7e751d4933c8068f1d45a1ffbfda71ffb5729e31888231e17333eae248b01a8b412a21d252510 |
36 |
EBUILD freebsd-sources-9.3.0.9999.ebuild 3480 SHA256 53444c2041f38e45f405f11f3ca98f833ddaec78d0ec9fd2c4d11d2826455404 SHA512 0d77fbb0c7a02d04f728f728ae89b1839fa042aa29d28189bbf82f378dd909d711f04cad5e9aab2b7ba2796dd50526475f7842664d63d09452a6359b995ef795 WHIRLPOOL 032aa9f584e58d1431d542968b927b670b40668e6350e1c3b05e38357d4da0a922ee5bdade75c1d5ca51727b3930cbe1803dec36cabcf91057e4406db2bca9a8 |
37 |
MISC metadata.xml 410 SHA256 f29a086ab076d7e7924571990c4cab73cce2aec303e10cf3be057dfa0c8b27fd SHA512 d949aac7499d418fce878c099d47713112e1856346dbf7478e95c14f37a5f2c2fbd580a21b2330712e439d5be235bc2de69ac182bd46c1727e95fbb3b081dd0f WHIRLPOOL ffc6ba7653dfa4be5d63231043a64c85a3ad2409f98b8e1f9cf03dd51edb84b1ed0add5a613e591e9f2409c92e3be08e8b3f7f2073fa45f362c19ef72ec7f63d |
38 |
|
39 |
diff --git a/sys-freebsd/freebsd-sources/files/freebsd-sources-10.1-cve-2014-8612.patch b/sys-freebsd/freebsd-sources/files/freebsd-sources-10.1-cve-2014-8612.patch |
40 |
new file mode 100644 |
41 |
index 0000000..7c615d3 |
42 |
--- /dev/null |
43 |
+++ b/sys-freebsd/freebsd-sources/files/freebsd-sources-10.1-cve-2014-8612.patch |
44 |
@@ -0,0 +1,45 @@ |
45 |
+Index: sys/netinet/sctp_usrreq.c |
46 |
+=================================================================== |
47 |
+--- sys/netinet/sctp_usrreq.c (revision 277788) |
48 |
++++ sys/netinet/sctp_usrreq.c (working copy) |
49 |
+@@ -1863,8 +1863,9 @@ flags_out: |
50 |
+ SCTP_CHECK_AND_CAST(av, optval, struct sctp_stream_value, *optsize); |
51 |
+ SCTP_FIND_STCB(inp, stcb, av->assoc_id); |
52 |
+ if (stcb) { |
53 |
+- if (stcb->asoc.ss_functions.sctp_ss_get_value(stcb, &stcb->asoc, &stcb->asoc.strmout[av->stream_id], |
54 |
+- &av->stream_value) < 0) { |
55 |
++ if ((av->stream_id >= stcb->asoc.streamoutcnt) || |
56 |
++ (stcb->asoc.ss_functions.sctp_ss_get_value(stcb, &stcb->asoc, &stcb->asoc.strmout[av->stream_id], |
57 |
++ &av->stream_value) < 0)) { |
58 |
+ SCTP_LTRACE_ERR_RET(inp, NULL, NULL, SCTP_FROM_SCTP_USRREQ, EINVAL); |
59 |
+ error = EINVAL; |
60 |
+ } else { |
61 |
+@@ -4032,8 +4033,9 @@ sctp_setopt(struct socket *so, int optname, void * |
62 |
+ SCTP_CHECK_AND_CAST(av, optval, struct sctp_stream_value, optsize); |
63 |
+ SCTP_FIND_STCB(inp, stcb, av->assoc_id); |
64 |
+ if (stcb) { |
65 |
+- if (stcb->asoc.ss_functions.sctp_ss_set_value(stcb, &stcb->asoc, &stcb->asoc.strmout[av->stream_id], |
66 |
+- av->stream_value) < 0) { |
67 |
++ if ((av->stream_id >= stcb->asoc.streamoutcnt) || |
68 |
++ (stcb->asoc.ss_functions.sctp_ss_set_value(stcb, &stcb->asoc, &stcb->asoc.strmout[av->stream_id], |
69 |
++ av->stream_value) < 0)) { |
70 |
+ SCTP_LTRACE_ERR_RET(inp, NULL, NULL, SCTP_FROM_SCTP_USRREQ, EINVAL); |
71 |
+ error = EINVAL; |
72 |
+ } |
73 |
+@@ -4043,10 +4045,12 @@ sctp_setopt(struct socket *so, int optname, void * |
74 |
+ SCTP_INP_RLOCK(inp); |
75 |
+ LIST_FOREACH(stcb, &inp->sctp_asoc_list, sctp_tcblist) { |
76 |
+ SCTP_TCB_LOCK(stcb); |
77 |
+- stcb->asoc.ss_functions.sctp_ss_set_value(stcb, |
78 |
+- &stcb->asoc, |
79 |
+- &stcb->asoc.strmout[av->stream_id], |
80 |
+- av->stream_value); |
81 |
++ if (av->stream_id < stcb->asoc.streamoutcnt) { |
82 |
++ stcb->asoc.ss_functions.sctp_ss_set_value(stcb, |
83 |
++ &stcb->asoc, |
84 |
++ &stcb->asoc.strmout[av->stream_id], |
85 |
++ av->stream_value); |
86 |
++ } |
87 |
+ SCTP_TCB_UNLOCK(stcb); |
88 |
+ } |
89 |
+ SCTP_INP_RUNLOCK(inp); |
90 |
|
91 |
diff --git a/sys-freebsd/freebsd-sources/files/freebsd-sources-10.1-cve-2014-8613.patch b/sys-freebsd/freebsd-sources/files/freebsd-sources-10.1-cve-2014-8613.patch |
92 |
new file mode 100644 |
93 |
index 0000000..1e2fe91 |
94 |
--- /dev/null |
95 |
+++ b/sys-freebsd/freebsd-sources/files/freebsd-sources-10.1-cve-2014-8613.patch |
96 |
@@ -0,0 +1,119 @@ |
97 |
+Index: sys/netinet/sctp_input.c |
98 |
+=================================================================== |
99 |
+--- sys/netinet/sctp_input.c (revision 277788) |
100 |
++++ sys/netinet/sctp_input.c (working copy) |
101 |
+@@ -3649,6 +3649,9 @@ sctp_handle_stream_reset_response(struct sctp_tcb |
102 |
+ /* huh ? */ |
103 |
+ return (0); |
104 |
+ } |
105 |
++ if (ntohs(respin->ph.param_length) < sizeof(struct sctp_stream_reset_response_tsn)) { |
106 |
++ return (0); |
107 |
++ } |
108 |
+ if (action == SCTP_STREAM_RESET_RESULT_PERFORMED) { |
109 |
+ resp = (struct sctp_stream_reset_response_tsn *)respin; |
110 |
+ asoc->stream_reset_outstanding--; |
111 |
+@@ -4037,7 +4040,7 @@ __attribute__((noinline)) |
112 |
+ sctp_handle_stream_reset(struct sctp_tcb *stcb, struct mbuf *m, int offset, |
113 |
+ struct sctp_chunkhdr *ch_req) |
114 |
+ { |
115 |
+- int chk_length, param_len, ptype; |
116 |
++ uint16_t remaining_length, param_len, ptype; |
117 |
+ struct sctp_paramhdr pstore; |
118 |
+ uint8_t cstore[SCTP_CHUNK_BUFFER_SIZE]; |
119 |
+ uint32_t seq = 0; |
120 |
+@@ -4050,7 +4053,7 @@ __attribute__((noinline)) |
121 |
+ int num_param = 0; |
122 |
+ |
123 |
+ /* now it may be a reset or a reset-response */ |
124 |
+- chk_length = ntohs(ch_req->chunk_length); |
125 |
++ remaining_length = ntohs(ch_req->chunk_length) - sizeof(struct sctp_chunkhdr); |
126 |
+ |
127 |
+ /* setup for adding the response */ |
128 |
+ sctp_alloc_a_chunk(stcb, chk); |
129 |
+@@ -4088,20 +4091,27 @@ strres_nochunk: |
130 |
+ ch->chunk_length = htons(chk->send_size); |
131 |
+ SCTP_BUF_LEN(chk->data) = SCTP_SIZE32(chk->send_size); |
132 |
+ offset += sizeof(struct sctp_chunkhdr); |
133 |
+- while ((size_t)chk_length >= sizeof(struct sctp_stream_reset_tsn_request)) { |
134 |
++ while (remaining_length >= sizeof(struct sctp_paramhdr)) { |
135 |
+ ph = (struct sctp_paramhdr *)sctp_m_getptr(m, offset, sizeof(pstore), (uint8_t *) & pstore); |
136 |
+- if (ph == NULL) |
137 |
++ if (ph == NULL) { |
138 |
++ /* TSNH */ |
139 |
+ break; |
140 |
++ } |
141 |
+ param_len = ntohs(ph->param_length); |
142 |
+- if (param_len < (int)sizeof(struct sctp_stream_reset_tsn_request)) { |
143 |
+- /* bad param */ |
144 |
++ if ((param_len > remaining_length) || |
145 |
++ (param_len < (sizeof(struct sctp_paramhdr) + sizeof(uint32_t)))) { |
146 |
++ /* bad parameter length */ |
147 |
+ break; |
148 |
+ } |
149 |
+- ph = (struct sctp_paramhdr *)sctp_m_getptr(m, offset, min(param_len, (int)sizeof(cstore)), |
150 |
++ ph = (struct sctp_paramhdr *)sctp_m_getptr(m, offset, min(param_len, sizeof(cstore)), |
151 |
+ (uint8_t *) & cstore); |
152 |
++ if (ph == NULL) { |
153 |
++ /* TSNH */ |
154 |
++ break; |
155 |
++ } |
156 |
+ ptype = ntohs(ph->param_type); |
157 |
+ num_param++; |
158 |
+- if (param_len > (int)sizeof(cstore)) { |
159 |
++ if (param_len > sizeof(cstore)) { |
160 |
+ trunc = 1; |
161 |
+ } else { |
162 |
+ trunc = 0; |
163 |
+@@ -4113,6 +4123,9 @@ strres_nochunk: |
164 |
+ if (ptype == SCTP_STR_RESET_OUT_REQUEST) { |
165 |
+ struct sctp_stream_reset_out_request *req_out; |
166 |
+ |
167 |
++ if (param_len < sizeof(struct sctp_stream_reset_out_request)) { |
168 |
++ break; |
169 |
++ } |
170 |
+ req_out = (struct sctp_stream_reset_out_request *)ph; |
171 |
+ num_req++; |
172 |
+ if (stcb->asoc.stream_reset_outstanding) { |
173 |
+@@ -4126,6 +4139,9 @@ strres_nochunk: |
174 |
+ } else if (ptype == SCTP_STR_RESET_ADD_OUT_STREAMS) { |
175 |
+ struct sctp_stream_reset_add_strm *str_add; |
176 |
+ |
177 |
++ if (param_len < sizeof(struct sctp_stream_reset_add_strm)) { |
178 |
++ break; |
179 |
++ } |
180 |
+ str_add = (struct sctp_stream_reset_add_strm *)ph; |
181 |
+ num_req++; |
182 |
+ sctp_handle_str_reset_add_strm(stcb, chk, str_add); |
183 |
+@@ -4132,6 +4148,9 @@ strres_nochunk: |
184 |
+ } else if (ptype == SCTP_STR_RESET_ADD_IN_STREAMS) { |
185 |
+ struct sctp_stream_reset_add_strm *str_add; |
186 |
+ |
187 |
++ if (param_len < sizeof(struct sctp_stream_reset_add_strm)) { |
188 |
++ break; |
189 |
++ } |
190 |
+ str_add = (struct sctp_stream_reset_add_strm *)ph; |
191 |
+ num_req++; |
192 |
+ sctp_handle_str_reset_add_out_strm(stcb, chk, str_add); |
193 |
+@@ -4156,6 +4175,9 @@ strres_nochunk: |
194 |
+ struct sctp_stream_reset_response *resp; |
195 |
+ uint32_t result; |
196 |
+ |
197 |
++ if (param_len < sizeof(struct sctp_stream_reset_response)) { |
198 |
++ break; |
199 |
++ } |
200 |
+ resp = (struct sctp_stream_reset_response *)ph; |
201 |
+ seq = ntohl(resp->response_seq); |
202 |
+ result = ntohl(resp->result); |
203 |
+@@ -4167,7 +4189,11 @@ strres_nochunk: |
204 |
+ break; |
205 |
+ } |
206 |
+ offset += SCTP_SIZE32(param_len); |
207 |
+- chk_length -= SCTP_SIZE32(param_len); |
208 |
++ if (remaining_length >= SCTP_SIZE32(param_len)) { |
209 |
++ remaining_length -= SCTP_SIZE32(param_len); |
210 |
++ } else { |
211 |
++ remaining_length = 0; |
212 |
++ } |
213 |
+ } |
214 |
+ if (num_req == 0) { |
215 |
+ /* we have no response free the stuff */ |
216 |
|
217 |
diff --git a/sys-freebsd/freebsd-sources/freebsd-sources-10.1.0.9999.ebuild b/sys-freebsd/freebsd-sources/freebsd-sources-10.1.0.9999-r1.ebuild |
218 |
similarity index 96% |
219 |
rename from sys-freebsd/freebsd-sources/freebsd-sources-10.1.0.9999.ebuild |
220 |
rename to sys-freebsd/freebsd-sources/freebsd-sources-10.1.0.9999-r1.ebuild |
221 |
index 0e7a8df..fce83da 100644 |
222 |
--- a/sys-freebsd/freebsd-sources/freebsd-sources-10.1.0.9999.ebuild |
223 |
+++ b/sys-freebsd/freebsd-sources/freebsd-sources-10.1.0.9999-r1.ebuild |
224 |
@@ -42,7 +42,9 @@ PATCHES=( "${FILESDIR}/${PN}-9.0-disable-optimization.patch" |
225 |
"${FILESDIR}/${PN}-8.0-subnet-route-pr40133.patch" |
226 |
"${FILESDIR}/${PN}-7.1-includes.patch" |
227 |
"${FILESDIR}/${PN}-9.0-sysctluint.patch" |
228 |
- "${FILESDIR}/${PN}-9.2-gentoo-gcc.patch" ) |
229 |
+ "${FILESDIR}/${PN}-9.2-gentoo-gcc.patch" |
230 |
+ "${FILESDIR}/${PN}-10.1-cve-2014-8612.patch" |
231 |
+ "${FILESDIR}/${PN}-10.1-cve-2014-8613.patch" ) |
232 |
|
233 |
pkg_setup() { |
234 |
# Force set CC=clang. when using gcc, aesni fails to build. |