author | Alexis Ballier <aballier@gentoo.org> | 2009-01-08 18:35:47 +0000 |
---|---|---|
committer | Alexis Ballier <aballier@gentoo.org> | 2009-01-08 18:35:47 +0000 |
commit | d86b89375cc500a43b4f680f890a0a7051aa08da (patch) | |
tree | b60858081acb61d03323444e5562783c4b7a0bbf /sys-freebsd | |
parent | bump to 1.2.5, fixes #254238 (diff) | |
download | gentoo-2-d86b89375cc500a43b4f680f890a0a7051aa08da.tar.gz gentoo-2-d86b89375cc500a43b4f680f890a0a7051aa08da.tar.bz2 gentoo-2-d86b89375cc500a43b4f680f890a0a7051aa08da.zip |
Fix module symbols export with latest binutils, grab a bunch of security fixes from security.freebsd.org.
(Portage version: 2.2_rc20/cvs/Linux 2.6.28 x86_64)
Diffstat (limited to 'sys-freebsd')
8 files changed, 406 insertions, 1 deletions
diff --git a/sys-freebsd/freebsd-sources/ChangeLog b/sys-freebsd/freebsd-sources/ChangeLog index fc7d77afcfd8..850a7c065f41 100644 --- a/sys-freebsd/freebsd-sources/ChangeLog +++ b/sys-freebsd/freebsd-sources/ChangeLog @@ -1,6 +1,19 @@ # ChangeLog for sys-freebsd/freebsd-sources # Copyright 1999-2009 Gentoo Foundation; Distributed under the GPL v2 -# $Header: /var/cvsroot/gentoo-x86/sys-freebsd/freebsd-sources/ChangeLog,v 1.43 2009/01/08 17:55:02 aballier Exp $ +# $Header: /var/cvsroot/gentoo-x86/sys-freebsd/freebsd-sources/ChangeLog,v 1.44 2009/01/08 18:35:47 aballier Exp $ + +*freebsd-sources-6.2-r5 (08 Jan 2009) + + 08 Jan 2009; Alexis Ballier <aballier@gentoo.org> + +files/freebsd-sources-6.2-amd64.patch, + +files/freebsd-sources-6.2-arc4random6x.patch, + +files/freebsd-sources-6.2-icmp6.patch, + +files/freebsd-sources-6.2-nd6-6.patch, + +files/freebsd-sources-6.2-protosw6x.patch, + +files/freebsd-sources-7.0-binutils_link.patch, + +freebsd-sources-6.2-r5.ebuild: + Fix module symbols export with latest binutils, grab a bunch of security + fixes from security.freebsd.org. 08 Jan 2009; Alexis Ballier <aballier@gentoo.org> -freebsd-sources-6.2.ebuild, -freebsd-sources-6.2-r1.ebuild, diff --git a/sys-freebsd/freebsd-sources/files/freebsd-sources-6.2-amd64.patch b/sys-freebsd/freebsd-sources/files/freebsd-sources-6.2-amd64.patch new file mode 100644 index 000000000000..9e910317cef2 --- /dev/null +++ b/sys-freebsd/freebsd-sources/files/freebsd-sources-6.2-amd64.patch 
@@ -0,0 +1,25 @@ +Index: sys/amd64/amd64/exception.S +=================================================================== +RCS file: /home/ncvs/src/sys/amd64/amd64/exception.S,v +retrieving revision 1.132 +retrieving revision 1.133 +diff -u -d -r1.132 -r1.133 +--- sys/amd64/amd64/exception.S 24 May 2008 06:32:26 -0000 1.132 ++++ sys/amd64/amd64/exception.S 18 Aug 2008 08:47:27 -0000 1.133 +@@ -636,13 +636,10 @@ + .globl doreti_iret_fault + doreti_iret_fault: + subq $TF_RIP,%rsp /* space including tf_err, tf_trapno */ +- testb $SEL_RPL_MASK,TF_CS(%rsp) /* Did we come from kernel? */ +- jz 1f /* already running with kernel GS.base */ +- swapgs +-1: testl $PSL_I,TF_RFLAGS(%rsp) +- jz 2f ++ testl $PSL_I,TF_RFLAGS(%rsp) ++ jz 1f + sti +-2: movq %rdi,TF_RDI(%rsp) ++1: movq %rdi,TF_RDI(%rsp) + movq %rsi,TF_RSI(%rsp) + movq %rdx,TF_RDX(%rsp) + movq %rcx,TF_RCX(%rsp) diff --git a/sys-freebsd/freebsd-sources/files/freebsd-sources-6.2-arc4random6x.patch b/sys-freebsd/freebsd-sources/files/freebsd-sources-6.2-arc4random6x.patch new file mode 100644 index 000000000000..1fda03c8f150 --- /dev/null +++ b/sys-freebsd/freebsd-sources/files/freebsd-sources-6.2-arc4random6x.patch 
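Review bot: Nothing in this patch file says which advisory it implements; the link to FreeBSD-SA-08:07.amd64 exists only as a comment in freebsd-sources-6.2-r5.ebuild, so the file cannot be audited on its own if another ebuild revision reuses it. A first line such as `FreeBSD-SA-08:07.amd64: drop the conditional swapgs in doreti_iret_fault` above the `Index:` header would be ignored by patch and keeps the provenance with the fix. The same applies to the icmp6, nd6-6, arc4random6x and protosw6x patch files added in this commit. doreti_iret_fault continues past the end of the inner hunk, so only the removed test/swapgs sequence is visible here.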
@@ -0,0 +1,81 @@ +Index: sys/dev/random/randomdev.c +=================================================================== +--- sys/dev/random/randomdev.c (revision 185214) ++++ sys/dev/random/randomdev.c (working copy) +@@ -89,6 +89,7 @@ + && (securelevel_gt(td->td_ucred, 0) == 0)) { + (*random_systat.reseed)(); + random_systat.seeded = 1; ++ arc4rand(NULL, 0, 1); /* Reseed arc4random as well. */ + } + + return (0); +Index: sys/dev/random/randomdev_soft.c +=================================================================== +--- sys/dev/random/randomdev_soft.c (revision 185214) ++++ sys/dev/random/randomdev_soft.c (working copy) +@@ -61,6 +61,7 @@ + u_int, u_int, enum esource); + static int random_yarrow_poll(int event,struct thread *td); + static int random_yarrow_block(int flag); ++static void random_yarrow_flush_reseed(void); + + struct random_systat random_yarrow = { + .ident = "Software, Yarrow", +@@ -70,7 +71,7 @@ + .read = random_yarrow_read, + .write = random_yarrow_write, + .poll = random_yarrow_poll, +- .reseed = random_yarrow_reseed, ++ .reseed = random_yarrow_flush_reseed, + .seeded = 1, + }; + +@@ -96,7 +97,7 @@ + /* Harvested entropy */ + static struct entropyfifo harvestfifo[ENTROPYSOURCE]; + +-/* <0 to end the kthread, 0 to let it run */ ++/* <0 to end the kthread, 0 to let it run, 1 to flush the harvest queues */ + static int random_kthread_control = 0; + + static struct proc *random_kthread_proc; +@@ -247,7 +248,7 @@ + local_count = 0; + + /* Process until told to stop */ +- for (; random_kthread_control == 0;) { ++ for (; random_kthread_control >= 0;) { + + active = 0; + +@@ -282,6 +283,13 @@ + KASSERT(local_count == 0, ("random_kthread: local_count %d", + local_count)); + ++ /* ++ * If a queue flush was commanded, it has now happened, ++ * and we can mark this by resetting the command. 
++ */ ++ if (random_kthread_control == 1) ++ random_kthread_control = 0; ++ + /* Found nothing, so don't belabour the issue */ + if (!active) + tsleep(&harvestfifo, 0, "-", hz / 10); +@@ -406,3 +414,15 @@ + + return error; + } ++ ++/* Helper routine to perform explicit reseeds */ ++static void ++random_yarrow_flush_reseed(void) ++{ ++ /* Command a entropy queue flush and wait for it to finish */ ++ random_kthread_control = 1; ++ while (random_kthread_control) ++ tsleep(&harvestfifo, 0, "-", hz / 10); ++ ++ random_yarrow_reseed(); ++} diff --git a/sys-freebsd/freebsd-sources/files/freebsd-sources-6.2-icmp6.patch b/sys-freebsd/freebsd-sources/files/freebsd-sources-6.2-icmp6.patch new file mode 100644 index 000000000000..6b97b16b3f97 --- /dev/null +++ b/sys-freebsd/freebsd-sources/files/freebsd-sources-6.2-icmp6.patch @@ -0,0 +1,23 @@ +Index: sys/netinet6/icmp6.c +=================================================================== +RCS file: /home/ncvs/src/sys/netinet6/icmp6.c,v +retrieving revision 1.80.2.4 +diff -u -p -r1.80.2.4 icmp6.c +--- sys/netinet6/icmp6.c 31 Aug 2008 21:54:24 -0000 1.80.2.4 ++++ sys/netinet6/icmp6.c 1 Sep 2008 23:03:44 -0000 +@@ -1117,6 +1117,15 @@ icmp6_mtudisc_update(struct ip6ctlparam + if (!validated) + return; + ++ /* ++ * In case the suggested mtu is less than IPV6_MMTU, we ++ * only need to remember that it was for above mentioned ++ * "alwaysfrag" case. ++ * Try to be as close to the spec as possible. ++ */ ++ if (mtu < IPV6_MMTU) ++ mtu = IPV6_MMTU - 8; ++ + bzero(&inc, sizeof(inc)); + inc.inc_flags = 1; /* IPv6 */ + inc.inc6_faddr = *dst; diff --git a/sys-freebsd/freebsd-sources/files/freebsd-sources-6.2-nd6-6.patch b/sys-freebsd/freebsd-sources/files/freebsd-sources-6.2-nd6-6.patch new file mode 100644 index 000000000000..dc32f71064f2 --- /dev/null +++ b/sys-freebsd/freebsd-sources/files/freebsd-sources-6.2-nd6-6.patch 
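Review bot: The wait loop in random_yarrow_flush_reseed() spins on `while (random_kthread_control)`, which is also true for the negative value that the comment on random_kthread_control documents as "end the kthread". If the thread is told to stop while a reseed is waiting, the kthread loop (`random_kthread_control >= 0`) exits without resetting the flag and the caller would presumably keep sleeping in `hz / 10` steps indefinitely; the unconditional `random_kthread_control = 1;` can likewise overwrite a pending stop request. Waiting with `while (random_kthread_control == 1)` and only commanding the flush when the value is 0 would avoid both, assuming the teardown path (not visible in this hunk) sets the flag without further locking. The flag is a plain `static int` shared between two threads, so a comment stating what ordering or lock protects it would help.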
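Review bot: The bare `8` in `mtu = IPV6_MMTU - 8;` is unexplained; it looks like the size of the IPv6 fragment header, and the added comment points to an "above mentioned alwaysfrag case" that lies outside the hunk. Naming the quantity, for example `mtu = IPV6_MMTU - sizeof(struct ip6_frag);`, or extending the comment with `/* 8 = fragment header, see alwaysfrag handling */`, makes the clamp reviewable without the specification at hand. The check sits in icmp6_mtudisc_update(), whose body starts and ends outside the hunk, so how mtu is used after the clamp cannot be confirmed from here.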
@@ -0,0 +1,86 @@ +Index: sys/netinet6/in6.h +=================================================================== +RCS file: /home/ncvs/src/sys/netinet6/in6.h,v +retrieving revision 1.36.2.9 +diff -u -p -r1.36.2.9 in6.h +--- sys/netinet6/in6.h 1 Sep 2008 22:57:56 -0000 1.36.2.9 ++++ sys/netinet6/in6.h 28 Sep 2008 21:27:09 -0000 +@@ -575,7 +575,8 @@ struct ip6_mtuinfo { + /* to define items, should talk with KAME guys first, for *BSD compatibility */ + #define IPV6CTL_STEALTH 45 + #define IPV6CTL_RTHDR0_ALLOWED 46 +-#define IPV6CTL_MAXID 47 ++#define ICMPV6CTL_ND6_ONLINKNSRFC4861 47 ++#define IPV6CTL_MAXID 48 + #endif /* __BSD_VISIBLE */ + + /* +Index: sys/netinet6/in6_proto.c +=================================================================== +RCS file: /home/ncvs/src/sys/netinet6/in6_proto.c,v +retrieving revision 1.32.2.9 +diff -u -p -r1.32.2.9 in6_proto.c +--- sys/netinet6/in6_proto.c 1 Sep 2008 22:57:56 -0000 1.32.2.9 ++++ sys/netinet6/in6_proto.c 28 Sep 2008 21:26:24 -0000 +@@ -354,6 +354,7 @@ DOMAIN_SET(inet6); + #ifndef IPV6_SENDREDIRECTS + #define IPV6_SENDREDIRECTS 1 + #endif ++int nd6_onlink_ns_rfc4861 = 0; /* allow 'on-link' nd6 NS (as in RFC 4861) */ + + int ip6_forwarding = IPV6FORWARDING; /* act as router? 
*/ + int ip6_sendredirects = IPV6_SENDREDIRECTS; +@@ -553,3 +554,6 @@ SYSCTL_INT(_net_inet6_icmp6, ICMPV6CTL_N + nd6_maxnudhint, CTLFLAG_RW, &nd6_maxnudhint, 0, ""); + SYSCTL_INT(_net_inet6_icmp6, ICMPV6CTL_ND6_DEBUG, + nd6_debug, CTLFLAG_RW, &nd6_debug, 0, ""); ++SYSCTL_INT(_net_inet6_icmp6, ICMPV6CTL_ND6_ONLINKNSRFC4861, ++ nd6_onlink_ns_rfc4861, CTLFLAG_RW, &nd6_onlink_ns_rfc4861, 0, ++ "Accept 'on-link' nd6 NS in compliance with RFC 4861."); +Index: sys/netinet6/nd6.h +=================================================================== +RCS file: /home/ncvs/src/sys/netinet6/nd6.h,v +retrieving revision 1.19.2.3 +diff -u -p -r1.19.2.3 nd6.h +--- sys/netinet6/nd6.h 1 Sep 2008 22:57:56 -0000 1.19.2.3 ++++ sys/netinet6/nd6.h 28 Sep 2008 21:26:24 -0000 +@@ -339,6 +339,7 @@ extern struct llinfo_nd6 llinfo_nd6; + extern struct nd_drhead nd_defrouter; + extern struct nd_prhead nd_prefix; + extern int nd6_debug; ++extern int nd6_onlink_ns_rfc4861; + + #define nd6log(x) do { if (nd6_debug) log x; } while (/*CONSTCOND*/ 0) + +Index: sys/netinet6/nd6_nbr.c +=================================================================== +RCS file: /home/ncvs/src/sys/netinet6/nd6_nbr.c,v +retrieving revision 1.29.2.10 +diff -u -p -r1.29.2.10 nd6_nbr.c +--- sys/netinet6/nd6_nbr.c 1 Sep 2008 22:57:56 -0000 1.29.2.10 ++++ sys/netinet6/nd6_nbr.c 28 Sep 2008 21:26:24 -0000 +@@ -148,6 +148,24 @@ nd6_ns_input(m, off, icmp6len) + "(wrong ip6 dst)\n")); + goto bad; + } ++ } else if (!nd6_onlink_ns_rfc4861) { ++ struct sockaddr_in6 src_sa6; ++ ++ /* ++ * According to recent IETF discussions, it is not a good idea ++ * to accept a NS from an address which would not be deemed ++ * to be a neighbor otherwise. This point is expected to be ++ * clarified in future revisions of the specification. 
++ */ ++ bzero(&src_sa6, sizeof(src_sa6)); ++ src_sa6.sin6_family = AF_INET6; ++ src_sa6.sin6_len = sizeof(src_sa6); ++ src_sa6.sin6_addr = saddr6; ++ if (!nd6_is_addr_neighbor(&src_sa6, ifp)) { ++ nd6log((LOG_INFO, "nd6_ns_input: " ++ "NS packet from non-neighbor\n")); ++ goto bad; ++ } + } + + if (IN6_IS_ADDR_MULTICAST(&taddr6)) { diff --git a/sys-freebsd/freebsd-sources/files/freebsd-sources-6.2-protosw6x.patch b/sys-freebsd/freebsd-sources/files/freebsd-sources-6.2-protosw6x.patch new file mode 100644 index 000000000000..f1a540c3e826 --- /dev/null +++ b/sys-freebsd/freebsd-sources/files/freebsd-sources-6.2-protosw6x.patch @@ -0,0 +1,23 @@ +Index: sys/kern/uipc_domain.c +=================================================================== +--- sys/kern/uipc_domain.c (revision 186366) ++++ sys/kern/uipc_domain.c (working copy) +@@ -112,13 +112,18 @@ + + #define DEFAULT(foo, bar) if ((foo) == NULL) (foo) = (bar) + DEFAULT(pu->pru_accept, pru_accept_notsupp); ++ DEFAULT(pu->pru_bind, pru_bind_notsupp); + DEFAULT(pu->pru_connect, pru_connect_notsupp); + DEFAULT(pu->pru_connect2, pru_connect2_notsupp); + DEFAULT(pu->pru_control, pru_control_notsupp); ++ DEFAULT(pu->pru_disconnect, pru_disconnect_notsupp); + DEFAULT(pu->pru_listen, pru_listen_notsupp); ++ DEFAULT(pu->pru_peeraddr, pru_peeraddr_notsupp); + DEFAULT(pu->pru_rcvd, pru_rcvd_notsupp); + DEFAULT(pu->pru_rcvoob, pru_rcvoob_notsupp); + DEFAULT(pu->pru_sense, pru_sense_null); ++ DEFAULT(pu->pru_shutdown, pru_shutdown_notsupp); ++ DEFAULT(pu->pru_sockaddr, pru_sockaddr_notsupp); + DEFAULT(pu->pru_sosend, sosend); + DEFAULT(pu->pru_soreceive, soreceive); + DEFAULT(pu->pru_sopoll, sopoll); diff --git a/sys-freebsd/freebsd-sources/files/freebsd-sources-7.0-binutils_link.patch b/sys-freebsd/freebsd-sources/files/freebsd-sources-7.0-binutils_link.patch new file mode 100644 index 000000000000..132db2e42957 --- /dev/null +++ b/sys-freebsd/freebsd-sources/files/freebsd-sources-7.0-binutils_link.patch 
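Review bot: The new rejection path in nd6_ns_input() logs only `"NS packet from non-neighbor\n"`, with no source address or interface, so a burst of dropped solicitations cannot be attributed from the log. Including the sender, e.g. `"NS packet from non-neighbor %s\n", ip6_sprintf(&saddr6)` if that helper is available in this branch, would make the message usable for detection. The sysctl description should also say that setting nd6_onlink_ns_rfc4861 to 1 turns this check off, since the knob is CTLFLAG_RW and the default of 0 is the protective setting. Separately, `ICMPV6CTL_ND6_ONLINKNSRFC4861` is defined inside the IPV6CTL_ list in in6.h and bumps IPV6CTL_MAXID while being registered under `_net_inet6_icmp6`; a one-line comment explaining that placement would save the next reader a search.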
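Review bot: The DEFAULT() list gains five entries, but nothing states the invariant they enforce: every pr_usrreqs slot that a socket call can reach must be non-NULL after this initialisation, otherwise the kernel calls through a NULL function pointer. A comment above the list such as `/* Every optional pru_* hook needs a default; a NULL slot becomes a NULL call in the kernel. */` would make it obvious that a newly added hook must be listed here too. Whether any remaining pr_usrreqs member is still left without a default cannot be checked from this hunk, since the structure definition is not shown.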
@@ -0,0 +1,37 @@ +diff -ruN sys.orig/conf/kern.post.mk sys/conf/kern.post.mk +--- sys.orig/conf/kern.post.mk 2007-03-23 18:55:59 -0300 ++++ sys/conf/kern.post.mk 2008-06-18 19:51:13 -0300 +@@ -85,7 +85,9 @@ + ${FULLKERNEL}: ${SYSTEM_DEP} vers.o + @rm -f ${.TARGET} + @echo linking ${.TARGET} +- ${SYSTEM_LD} ++ ${SYSTEM_LD} -o ${.TARGET}.tmp ++ @sh $S/tools/gen-ld-u-options ${.TARGET}.tmp > ${.TARGET}.lopt ++ ${SYSTEM_LD} "@${.TARGET}.lopt" + .if !defined(DEBUG) + ${OBJCOPY} --strip-debug ${.TARGET} + .endif +diff -ruN sys.orig/conf/kmod.mk sys/conf/kmod.mk +--- sys.orig/conf/kmod.mk 2008-06-18 09:11:53 -0300 ++++ sys/conf/kmod.mk 2008-06-18 19:50:01 -0300 +@@ -176,7 +176,8 @@ + + .if ${MACHINE_ARCH} != amd64 + ${FULLPROG}: ${KMOD}.kld +- ${LD} -Bshareable ${LDFLAGS} -o ${.TARGET} ${KMOD}.kld ++ sh ./@/tools/gen-ld-u-options ${KMOD}.kld > ${KMOD}.lopt ++ ${LD} -Bshareable ${LDFLAGS} -o ${.TARGET} ${KMOD}.kld "@${KMOD}.lopt" + .if !defined(DEBUG_FLAGS) + ${OBJCOPY} --strip-debug ${.TARGET} + .endif +diff -ruN sys.orig/tools/gen-ld-u-options sys/tools/gen-ld-u-options +--- sys.orig/tools/gen-ld-u-options 1969-12-31 21:00:00 -0300 ++++ sys/tools/gen-ld-u-options 2008-06-18 19:47:56 -0300 +@@ -0,0 +1,6 @@ ++#!/bin/sh ++ ++for i in `objdump -h -w $1 | grep set_ | cut -c5- | cut -f1 -d " "` ++do ++ echo -n " -u __start_$i -u __stop_$i " ++done diff --git a/sys-freebsd/freebsd-sources/freebsd-sources-6.2-r5.ebuild b/sys-freebsd/freebsd-sources/freebsd-sources-6.2-r5.ebuild new file mode 100644 index 000000000000..5ad995cc19aa --- /dev/null +++ b/sys-freebsd/freebsd-sources/freebsd-sources-6.2-r5.ebuild 
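Review bot: gen-ld-u-options passes its argument unquoted (`objdump -h -w $1`) and ignores objdump's exit status, so a path containing whitespace or a missing object yields an empty .lopt file and the link goes ahead without any `-u` options, presumably the very situation this patch is meant to prevent, with no diagnostic. Quote the argument, `objdump -h -w "$1"`, and emit the options with `printf ' -u __start_%s -u __stop_%s ' "$i" "$i"` rather than `echo -n`, which is not portable across /bin/sh implementations. `grep set_` also matches the string anywhere on the objdump line, not only in the section-name column, so anchoring the match to the section name would be safer. In kern.post.mk the intermediate `${.TARGET}.tmp` and `${.TARGET}.lopt` files are left behind after the final link.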
@@ -0,0 +1,117 @@ +# Copyright 1999-2009 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Header: /var/cvsroot/gentoo-x86/sys-freebsd/freebsd-sources/freebsd-sources-6.2-r5.ebuild,v 1.1 2009/01/08 18:35:47 aballier Exp $ + +inherit bsdmk freebsd flag-o-matic + +DESCRIPTION="FreeBSD kernel sources" +SLOT="${PVR}" +KEYWORDS="~sparc-fbsd ~x86-fbsd" + +IUSE="symlink" + +SRC_URI="mirror://gentoo/${SYS}.tar.bz2" + +RDEPEND=">=sys-freebsd/freebsd-mk-defs-6.0-r1" +DEPEND="" + +RESTRICT="strip binchecks" + +S="${WORKDIR}/sys" + +MY_PVR="${PVR}" + +[[ ${MY_PVR} == "${RV}" ]] && MY_PVR="${MY_PVR}-r0" + +src_unpack() { + unpack ${A} + cd "${S}" + + # This replaces the gentoover patch, it doesn't need reapply every time. + sed -i -e 's:^REVISION=.*:REVISION="'${PVR}'":' \ + -e 's:^BRANCH=.*:BRANCH="Gentoo":' \ + -e 's:^VERSION=.*:VERSION="${TYPE} ${BRANCH} ${REVISION}":' \ + "${S}/conf/newvers.sh" + + epatch "${FILESDIR}/${PN}-gentoo.patch" + epatch "${FILESDIR}/${PN}-6.0-flex-2.5.31.patch" + epatch "${FILESDIR}/${PN}-6.0-asm.patch" + epatch "${FILESDIR}/${PN}-6.0-werror.patch" + epatch "${FILESDIR}/${PN}-6.2-gcc41.patch" + epatch "${FILESDIR}/${PN}-6.2-sparc64.patch" + epatch "${FILESDIR}/${PN}-6.1-ntfs.patch" + epatch "${FILESDIR}/${PN}-6.2-debug-O2.patch" + epatch "${FILESDIR}/${PN}-6.2-dl_iterate_phdr.patch" + epatch "${FILESDIR}/${PN}-6.2-posix-monotonic-clock.patch" + + # Errata patches + epatch "${FILESDIR}/${P}-EN-07:02.net.patch" + epatch "${FILESDIR}/${P}-unp_gc.patch" + + # http://security.freebsd.org/advisories/FreeBSD-SA-07:03.ipv6.asc + epatch "${FILESDIR}/${P}-ipv6.patch" + + # http://security.freebsd.org/advisories/FreeBSD-SA-07:09.random.asc + epatch "${FILESDIR}/${P}-random.patch" + + # http://security.freebsd.org/advisories/FreeBSD-SA-08:03.sendfile.asc + epatch "${FILESDIR}/${P}-sendfile.patch" + + # Fix modules symbol export with latest binutils + epatch "${FILESDIR}/${PN}-7.0-binutils_link.patch" + + # 
http://security.freebsd.org/advisories/FreeBSD-SA-08:07.amd64.asc + epatch "${FILESDIR}/${P}-amd64.patch" + + # http://security.freebsd.org/advisories/FreeBSD-SA-08:09.icmp6.asc + epatch "${FILESDIR}/${P}-icmp6.patch" + + # http://security.freebsd.org/advisories/FreeBSD-SA-08:10.nd6.asc + epatch "${FILESDIR}/${P}-nd6-6.patch" + + # http://security.freebsd.org/advisories/FreeBSD-SA-08:11.arc4random.asc + epatch "${FILESDIR}/${P}-arc4random6x.patch" + + # http://security.freebsd.org/advisories/FreeBSD-SA-08:13.protosw.asc + epatch "${FILESDIR}/${P}-protosw6x.patch" + + # Disable SSP for the kernel + grep -Zlr -- -ffreestanding "${S}" | xargs -0 sed -i -e \ + "s:-ffreestanding:-ffreestanding $(test-flags -fno-stack-protector -fno-stack-protector-all):g" +} + +src_compile() { + einfo "Nothing to compile.." +} + +src_install() { + insinto "/usr/src/sys-${MY_PVR}" + doins -r "${S}/"* +} + +pkg_postinst() { + if [[ ! -L "${ROOT}/usr/src/sys" ]]; then + einfo "/usr/src/sys symlink doesn't exist; creating symlink to sys-${MY_PVR}..." + ln -sf "sys-${MY_PVR}" "${ROOT}/usr/src/sys" || \ + eerror "Couldn't create ${ROOT}/usr/src/sys symlink." + # just in case... + [[ -L ""${ROOT}/usr/src/sys-${RV}"" ]] && rm "${ROOT}/usr/src/sys-${RV}" + ln -sf "sys-${MY_PVR}" "${ROOT}/usr/src/sys-${RV}" || \ + eerror "Couldn't create ${ROOT}/usr/src/sys-${RV} symlink." + elif use symlink; then + einfo "Updating /usr/src/sys symlink to sys-${MY_PVR}..." + rm "${ROOT}/usr/src/sys" "${ROOT}/usr/src/sys-${RV}" || \ + eerror "Couldn't remove previous symlinks, please fix manually." + ln -sf "sys-${MY_PVR}" "${ROOT}/usr/src/sys" || \ + eerror "Couldn't create ${ROOT}/usr/src/sys symlink." + ln -sf "sys-${MY_PVR}" "${ROOT}/usr/src/sys-${RV}" || \ + eerror "Couldn't create ${ROOT}/usr/src/sys-${RV} symlink." + fi + + if use sparc-fbsd ; then + ewarn "WARNING: kldload currently causes kernel panics" + ewarn "on sparc64. 
This is probably a gcc-4.1 issue, but" + ewarn "we need gcc-4.1 to compile the kernel correctly :/" + ewarn "Please compile all modules you need into the kernel" + fi +} |
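Review bot: In pkg_postinst the test `[[ -L ""${ROOT}/usr/src/sys-${RV}"" ]]` has doubled quotes, which leaves the path outside any quoting; it is harmless inside `[[ ]]` but is clearly a typo and should read `[[ -L "${ROOT}/usr/src/sys-${RV}" ]]`. In src_unpack the `grep -Zlr -- -ffreestanding "${S}" | xargs -0 sed -i` pipeline that appends the no-stack-protector flags has no `|| die`, so a failed substitution would go unnoticed. Because that line removes a compiler hardening feature from the kernel build, the `# Disable SSP for the kernel` comment should also state why it is required for these sources.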