From e449e335dfcda55b7675c183a08e793352f163e6 Mon Sep 17 00:00:00 2001
From: Michał Górny <mgorny@gentoo.org>
Date: Fri, 10 Apr 2015 13:34:44 +0000
Subject: Apply a fix for FreeBSD-SA-15:09.ipv6.
 https://github.com/gentoo/gentoo-portage-rsync-mirror/pull/91 by nigoro.

(Portage version: 2.2.18/cvs/Linux x86_64, signed Manifest commit with key EFB4464E!)
---
 sys-freebsd/freebsd-sources/ChangeLog              |  10 +-
 .../files/freebsd-sources-10.1-cve-2015-2923.patch |  23 ++++
 .../freebsd-sources/freebsd-sources-10.1-r1.ebuild | 135 --------------------
 .../freebsd-sources/freebsd-sources-10.1-r2.ebuild | 138 +++++++++++++++++++++
 4 files changed, 170 insertions(+), 136 deletions(-)
 create mode 100644 sys-freebsd/freebsd-sources/files/freebsd-sources-10.1-cve-2015-2923.patch
 delete mode 100644 sys-freebsd/freebsd-sources/freebsd-sources-10.1-r1.ebuild
 create mode 100644 sys-freebsd/freebsd-sources/freebsd-sources-10.1-r2.ebuild

(limited to 'sys-freebsd')

diff --git a/sys-freebsd/freebsd-sources/ChangeLog b/sys-freebsd/freebsd-sources/ChangeLog
index 58ae308345d8..fb5f038f2fde 100644
--- a/sys-freebsd/freebsd-sources/ChangeLog
+++ b/sys-freebsd/freebsd-sources/ChangeLog
@@ -1,6 +1,14 @@
 # ChangeLog for sys-freebsd/freebsd-sources
 # Copyright 1999-2015 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/sys-freebsd/freebsd-sources/ChangeLog,v 1.109 2015/03/15 18:06:56 mgorny Exp $
+# $Header: /var/cvsroot/gentoo-x86/sys-freebsd/freebsd-sources/ChangeLog,v 1.110 2015/04/10 13:34:44 mgorny Exp $
+
+*freebsd-sources-10.1-r2 (10 Apr 2015)
+
+  10 Apr 2015; Michał Górny <mgorny@gentoo.org>
+  +files/freebsd-sources-10.1-cve-2015-2923.patch,
+  +freebsd-sources-10.1-r2.ebuild, -freebsd-sources-10.1-r1.ebuild:
+  Apply a fix for FreeBSD-SA-15:09.ipv6. https://github.com/gentoo/gentoo-
+  portage-rsync-mirror/pull/91 by nigoro.
 
   15 Mar 2015; Michał Górny <mgorny@gentoo.org> freebsd-sources-10.1-r1.ebuild:
   Support upgrades from 9.x. https://github.com/gentoo/gentoo-portage-rsync-
diff --git a/sys-freebsd/freebsd-sources/files/freebsd-sources-10.1-cve-2015-2923.patch b/sys-freebsd/freebsd-sources/files/freebsd-sources-10.1-cve-2015-2923.patch
new file mode 100644
index 000000000000..430e1b192ab1
--- /dev/null
+++ b/sys-freebsd/freebsd-sources/files/freebsd-sources-10.1-cve-2015-2923.patch
@@ -0,0 +1,23 @@
+Index: sys/netinet6/nd6_rtr.c
+===================================================================
+--- sys/netinet6/nd6_rtr.c	(revision 280920)
++++ sys/netinet6/nd6_rtr.c	(working copy)
+@@ -296,8 +296,16 @@ nd6_ra_input(struct mbuf *m, int off, int icmp6len
+ 	}
+ 	if (nd_ra->nd_ra_retransmit)
+ 		ndi->retrans = ntohl(nd_ra->nd_ra_retransmit);
+-	if (nd_ra->nd_ra_curhoplimit)
+-		ndi->chlim = nd_ra->nd_ra_curhoplimit;
++	if (nd_ra->nd_ra_curhoplimit) {
++		if (ndi->chlim < nd_ra->nd_ra_curhoplimit)
++			ndi->chlim = nd_ra->nd_ra_curhoplimit;
++		else if (ndi->chlim != nd_ra->nd_ra_curhoplimit) {
++			log(LOG_ERR, "RA with a lower CurHopLimit sent from "
++			    "%s on %s (current = %d, received = %d). "
++			    "Ignored.\n", ip6_sprintf(ip6bufs, &ip6->ip6_src),
++			    if_name(ifp), ndi->chlim, nd_ra->nd_ra_curhoplimit);
++		}
++	}
+ 	dr = defrtrlist_update(&dr0);
+     }
+ 
diff --git a/sys-freebsd/freebsd-sources/freebsd-sources-10.1-r1.ebuild b/sys-freebsd/freebsd-sources/freebsd-sources-10.1-r1.ebuild
deleted file mode 100644
index c54b8bdb8f24..000000000000
--- a/sys-freebsd/freebsd-sources/freebsd-sources-10.1-r1.ebuild
+++ /dev/null
@@ -1,135 +0,0 @@
-# Copyright 1999-2015 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/sys-freebsd/freebsd-sources/freebsd-sources-10.1-r1.ebuild,v 1.2 2015/03/15 18:06:56 mgorny Exp $
-
-EAPI=5
-
-inherit bsdmk freebsd flag-o-matic toolchain-funcs
-
-DESCRIPTION="FreeBSD kernel sources"
-SLOT="0"
-
-IUSE="+build-kernel debug dtrace profile zfs"
-
-if [[ ${PV} != *9999* ]]; then
-	KEYWORDS="~amd64-fbsd ~sparc-fbsd ~x86-fbsd"
-	SRC_URI="http://dev.gentoo.org/~mgorny/dist/freebsd/${RV}/${SYS}.tar.xz
-		http://dev.gentoo.org/~mgorny/dist/freebsd/${RV}/${CONTRIB}.tar.xz
-		http://dev.gentoo.org/~mgorny/dist/freebsd/${RV}/${UBIN}.tar.xz"
-fi
-
-RDEPEND="dtrace? ( >=sys-freebsd/freebsd-cddl-9.2_rc1 )
-	=sys-freebsd/freebsd-mk-defs-${RV}*
-	!sys-freebsd/virtio-kmod
-	!sys-fs/fuse4bsd
-	!<sys-freebsd/freebsd-sources-9.2_beta1"
-DEPEND="build-kernel? (
-		dtrace? ( >=sys-freebsd/freebsd-cddl-9.2_rc1 )
-		!sparc-fbsd? ( sys-devel/clang )
-		>=sys-freebsd/freebsd-usbin-9.1
-		=sys-freebsd/freebsd-mk-defs-${RV}*
-	)"
-
-RESTRICT="strip binchecks"
-
-S="${WORKDIR}/sys"
-
-KERN_BUILD=GENTOO
-
-PATCHES=( "${FILESDIR}/${PN}-9.0-disable-optimization.patch"
-	"${FILESDIR}/${PN}-10.0-gentoo.patch"
-	"${FILESDIR}/${PN}-6.0-flex-2.5.31.patch"
-	"${FILESDIR}/${PN}-7.1-types.h-fix.patch"
-	"${FILESDIR}/${PN}-8.0-subnet-route-pr40133.patch"
-	"${FILESDIR}/${PN}-7.1-includes.patch"
-	"${FILESDIR}/${PN}-9.0-sysctluint.patch"
-	"${FILESDIR}/${PN}-9.2-gentoo-gcc.patch"
-	"${FILESDIR}/${PN}-10.1-cve-2014-8612.patch"
-	"${FILESDIR}/${PN}-10.1-cve-2014-8613.patch"
-	"${FILESDIR}/${PN}-10.1-cve-2015-1414.patch"
-	"${FILESDIR}/${PN}-10.1-en-1501-vt.patch" )
-
-pkg_setup() {
-	# Force set CC=clang. when using gcc, aesni fails to build.
-	use sparc-fbsd || export CC=clang
-	use zfs || mymakeopts="${mymakeopts} WITHOUT_CDDL="
-}
-
-src_prepare() {
-	local conf="${S}/$(tc-arch-kernel)/conf/${KERN_BUILD}"
-
-	# This replaces the gentoover patch, it doesn't need reapply every time.
-	sed -i -e 's:^REVISION=.*:REVISION="'${PVR}'":' \
-		-e 's:^BRANCH=.*:BRANCH="Gentoo":' \
-		-e 's:^VERSION=.*:VERSION="${TYPE} ${BRANCH} ${REVISION}":' \
-		"${S}/conf/newvers.sh"
-
-	# __FreeBSD_cc_version comes from FreeBSD's gcc.
-	# on 10.0-RELEASE it's 1000001.
-	# FYI, can get it from gnu/usr.bin/cc/cc_tools/freebsd-native.h.
-	sed -e "s:-D_KERNEL:-D_KERNEL -D__FreeBSD_cc_version=1000001:g" \
-		-i "${S}/conf/kern.pre.mk" \
-		-i "${S}/conf/kmod.mk" || die "Couldn't set __FreeBSD_cc_version"
-
-	# Remove -Werror
-	sed -e "s:-Werror:-Wno-error:g" \
-		-i "${S}/conf/kern.pre.mk" \
-		-i "${S}/conf/kmod.mk" || die
-
-	# Set the kernel configuration using USE flags.
-	cp -f "${FILESDIR}/config-GENTOO" "${conf}" || die
-	use debug || echo 'nomakeoptions DEBUG' >> "${conf}"
-	use dtrace || echo 'nomakeoptions WITH_CTF' >> "${conf}"
-
-	# Only used with USE=build-kernel, let the kernel build with its own flags, its safer.
-	unset LDFLAGS CFLAGS CXXFLAGS ASFLAGS KERNEL
-}
-
-src_configure() {
-	if use build-kernel ; then
-		tc-export CC
-		cd "${S}/$(tc-arch-kernel)/conf" || die
-		config ${KERN_BUILD} || die
-	fi
-}
-
-src_compile() {
-	if use build-kernel ; then
-		if has_version "<sys-freebsd/freebsd-ubin-10.0"; then
-			cd "${WORKDIR}"/usr.bin/bmake || die
-			CC=${CHOST}-gcc freebsd_src_compile
-			export BMAKE="${WORKDIR}/usr.bin/bmake/make"
-		fi
-		cd "${S}/$(tc-arch-kernel)/compile/${KERN_BUILD}" || die
-		freebsd_src_compile depend
-		freebsd_src_compile
-	else
-		einfo "Nothing to compile.."
-	fi
-}
-
-src_install() {
-	if use build-kernel ; then
-		cd "${S}/$(tc-arch-kernel)/compile/${KERN_BUILD}" || die
-		freebsd_src_install
-		rm -rf "${S}/$(tc-arch-kernel)/compile/${KERN_BUILD}"
-		cd "${S}"
-	fi
-
-	insinto "/usr/src/sys"
-	doins -r "${S}/"*
-}
-
-pkg_preinst() {
-	if [[ -L "${ROOT}/usr/src/sys" ]]; then
-		einfo "/usr/src/sys is a symlink, removing it..."
-		rm -f "${ROOT}/usr/src/sys"
-	fi
-
-	if use sparc-fbsd ; then
-		ewarn "WARNING: kldload currently causes kernel panics"
-		ewarn "on sparc64. This is probably a gcc-4.1 issue, but"
-		ewarn "we need gcc-4.1 to compile the kernel correctly :/"
-		ewarn "Please compile all modules you need into the kernel"
-	fi
-}
diff --git a/sys-freebsd/freebsd-sources/freebsd-sources-10.1-r2.ebuild b/sys-freebsd/freebsd-sources/freebsd-sources-10.1-r2.ebuild
new file mode 100644
index 000000000000..ed7b2632bbc9
--- /dev/null
+++ b/sys-freebsd/freebsd-sources/freebsd-sources-10.1-r2.ebuild
@@ -0,0 +1,138 @@
+# Copyright 1999-2015 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/sys-freebsd/freebsd-sources/freebsd-sources-10.1-r2.ebuild,v 1.1 2015/04/10 13:34:44 mgorny Exp $
+
+EAPI=5
+
+inherit bsdmk freebsd flag-o-matic toolchain-funcs
+
+DESCRIPTION="FreeBSD kernel sources"
+SLOT="0"
+
+IUSE="+build-kernel debug dtrace profile zfs"
+
+if [[ ${PV} != *9999* ]]; then
+	KEYWORDS="~amd64-fbsd ~sparc-fbsd ~x86-fbsd"
+	SRC_URI="http://dev.gentoo.org/~mgorny/dist/freebsd/${RV}/${SYS}.tar.xz
+		http://dev.gentoo.org/~mgorny/dist/freebsd/${RV}/${CONTRIB}.tar.xz
+		http://dev.gentoo.org/~mgorny/dist/freebsd/${RV}/${UBIN}.tar.xz"
+fi
+
+RDEPEND="dtrace? ( >=sys-freebsd/freebsd-cddl-9.2_rc1 )
+	=sys-freebsd/freebsd-mk-defs-${RV}*
+	!sys-freebsd/virtio-kmod
+	!sys-fs/fuse4bsd
+	!<sys-freebsd/freebsd-sources-9.2_beta1"
+DEPEND="build-kernel? (
+		dtrace? ( >=sys-freebsd/freebsd-cddl-9.2_rc1 )
+		!sparc-fbsd? ( sys-devel/clang )
+		>=sys-freebsd/freebsd-usbin-9.1
+		=sys-freebsd/freebsd-mk-defs-${RV}*
+	)"
+
+RESTRICT="strip binchecks"
+
+S="${WORKDIR}/sys"
+
+KERN_BUILD=GENTOO
+
+PATCHES=( "${FILESDIR}/${PN}-9.0-disable-optimization.patch"
+	"${FILESDIR}/${PN}-10.0-gentoo.patch"
+	"${FILESDIR}/${PN}-6.0-flex-2.5.31.patch"
+	"${FILESDIR}/${PN}-7.1-types.h-fix.patch"
+	"${FILESDIR}/${PN}-8.0-subnet-route-pr40133.patch"
+	"${FILESDIR}/${PN}-7.1-includes.patch"
+	"${FILESDIR}/${PN}-9.0-sysctluint.patch"
+	"${FILESDIR}/${PN}-9.2-gentoo-gcc.patch" )
+
+# Fix Security Advisory and Errata.
+PATCHES+=( "${FILESDIR}/${PN}-10.1-cve-2014-8612.patch"
+	"${FILESDIR}/${PN}-10.1-cve-2014-8613.patch"
+	"${FILESDIR}/${PN}-10.1-cve-2015-1414.patch"
+	"${FILESDIR}/${PN}-10.1-cve-2015-2923.patch"
+	"${FILESDIR}/${PN}-10.1-en-1501-vt.patch" )
+
+pkg_setup() {
+	# Force set CC=clang. when using gcc, aesni fails to build.
+	use sparc-fbsd || export CC=clang
+	use zfs || mymakeopts="${mymakeopts} WITHOUT_CDDL="
+}
+
+src_prepare() {
+	local conf="${S}/$(tc-arch-kernel)/conf/${KERN_BUILD}"
+
+	# This replaces the gentoover patch, it doesn't need reapply every time.
+	sed -i -e 's:^REVISION=.*:REVISION="'${PVR}'":' \
+		-e 's:^BRANCH=.*:BRANCH="Gentoo":' \
+		-e 's:^VERSION=.*:VERSION="${TYPE} ${BRANCH} ${REVISION}":' \
+		"${S}/conf/newvers.sh"
+
+	# __FreeBSD_cc_version comes from FreeBSD's gcc.
+	# on 10.0-RELEASE it's 1000001.
+	# FYI, can get it from gnu/usr.bin/cc/cc_tools/freebsd-native.h.
+	sed -e "s:-D_KERNEL:-D_KERNEL -D__FreeBSD_cc_version=1000001:g" \
+		-i "${S}/conf/kern.pre.mk" \
+		-i "${S}/conf/kmod.mk" || die "Couldn't set __FreeBSD_cc_version"
+
+	# Remove -Werror
+	sed -e "s:-Werror:-Wno-error:g" \
+		-i "${S}/conf/kern.pre.mk" \
+		-i "${S}/conf/kmod.mk" || die
+
+	# Set the kernel configuration using USE flags.
+	cp -f "${FILESDIR}/config-GENTOO" "${conf}" || die
+	use debug || echo 'nomakeoptions DEBUG' >> "${conf}"
+	use dtrace || echo 'nomakeoptions WITH_CTF' >> "${conf}"
+
+	# Only used with USE=build-kernel, let the kernel build with its own flags, its safer.
+	unset LDFLAGS CFLAGS CXXFLAGS ASFLAGS KERNEL
+}
+
+src_configure() {
+	if use build-kernel ; then
+		tc-export CC
+		cd "${S}/$(tc-arch-kernel)/conf" || die
+		config ${KERN_BUILD} || die
+	fi
+}
+
+src_compile() {
+	if use build-kernel ; then
+		if has_version "<sys-freebsd/freebsd-ubin-10.0"; then
+			cd "${WORKDIR}"/usr.bin/bmake || die
+			CC=${CHOST}-gcc freebsd_src_compile
+			export BMAKE="${WORKDIR}/usr.bin/bmake/make"
+		fi
+		cd "${S}/$(tc-arch-kernel)/compile/${KERN_BUILD}" || die
+		freebsd_src_compile depend
+		freebsd_src_compile
+	else
+		einfo "Nothing to compile.."
+	fi
+}
+
+src_install() {
+	if use build-kernel ; then
+		cd "${S}/$(tc-arch-kernel)/compile/${KERN_BUILD}" || die
+		freebsd_src_install
+		rm -rf "${S}/$(tc-arch-kernel)/compile/${KERN_BUILD}"
+		cd "${S}"
+	fi
+
+	insinto "/usr/src/sys"
+	doins -r "${S}/"*
+}
+
+pkg_preinst() {
+	if [[ -L "${ROOT}/usr/src/sys" ]]; then
+		einfo "/usr/src/sys is a symlink, removing it..."
+		rm -f "${ROOT}/usr/src/sys"
+	fi
+
+	if use sparc-fbsd ; then
+		ewarn "WARNING: kldload currently causes kernel panics"
+		ewarn "on sparc64. This is probably a gcc-4.1 issue, but"
+		ewarn "we need gcc-4.1 to compile the kernel correctly :/"
+		ewarn "Please compile all modules you need into the kernel"
+	fi
+}
-- 
cgit v1.2.3-65-gdbad