mgorny 15/03/08 14:01:56
Added: freebsd-sources-10.1-cve-2014-8613.patch
freebsd-sources-10.1-cve-2015-1414.patch
config-GENTOO
freebsd-sources-10.1-cve-2014-8612.patch
freebsd-sources-10.0-gentoo.patch
Log:
Add FreeBSD 10.1 ebuilds,
https://github.com/gentoo/gentoo-portage-rsync-mirror/pull/46 by nigoro.
(Portage version: 2.2.17/cvs/Linux x86_64, signed Manifest commit with key
EFB4464E!)
Revision Changes Path
1.1
sys-freebsd/freebsd-sources/files/freebsd-sources-10.1-cve-2014-8613.patch
file :
http://sources.gentoo.org/viewvc.cgi/gentoo-x86/sys-freebsd/freebsd-sources/files/freebsd-sources-10.1-cve-2014-8613.patch?rev=1.1&view=markup
plain:
http://sources.gentoo.org/viewvc.cgi/gentoo-x86/sys-freebsd/freebsd-sources/files/freebsd-sources-10.1-cve-2014-8613.patch?rev=1.1&content-type=text/plain
Index: freebsd-sources-10.1-cve-2014-8613.patch
===================================================================
Index: sys/netinet/sctp_input.c
===================================================================
--- sys/netinet/sctp_input.c (revision 277788)
+++ sys/netinet/sctp_input.c (working copy)
@@ -3649,6 +3649,9 @@ sctp_handle_stream_reset_response(struct sctp_tcb
/* huh ? */
return (0);
}
+ if (ntohs(respin->ph.param_length) <
sizeof(struct sctp_stream_reset_response_tsn)) {
+ return (0);
+ }
if (action ==
SCTP_STREAM_RESET_RESULT_PERFORMED) {
resp = (struct
sctp_stream_reset_response_tsn *)respin;
asoc->stream_reset_outstanding--;
@@ -4037,7 +4040,7 @@ __attribute__((noinline))
sctp_handle_stream_reset(struct sctp_tcb *stcb, struct mbuf *m, int
offset,
struct sctp_chunkhdr *ch_req)
{
- int chk_length, param_len, ptype;
+ uint16_t remaining_length, param_len, ptype;
struct sctp_paramhdr pstore;
uint8_t cstore[SCTP_CHUNK_BUFFER_SIZE];
uint32_t seq = 0;
@@ -4050,7 +4053,7 @@ __attribute__((noinline))
int num_param = 0;
/* now it may be a reset or a reset-response */
- chk_length = ntohs(ch_req->chunk_length);
+ remaining_length = ntohs(ch_req->chunk_length) - sizeof(struct
sctp_chunkhdr);
/* setup for adding the response */
sctp_alloc_a_chunk(stcb, chk);
@@ -4088,20 +4091,27 @@ strres_nochunk:
ch->chunk_length = htons(chk->send_size);
SCTP_BUF_LEN(chk->data) = SCTP_SIZE32(chk->send_size);
offset += sizeof(struct sctp_chunkhdr);
- while ((size_t)chk_length >= sizeof(struct
sctp_stream_reset_tsn_request)) {
+ while (remaining_length >= sizeof(struct sctp_paramhdr)) {
ph = (struct sctp_paramhdr *)sctp_m_getptr(m, offset,
sizeof(pstore), (uint8_t *) & pstore);
- if (ph == NULL)
+ if (ph == NULL) {
+ /* TSNH */
break;
+ }
param_len = ntohs(ph->param_length);
- if (param_len < (int)sizeof(struct
sctp_stream_reset_tsn_request)) {
- /* bad param */
+ if ((param_len > remaining_length) ||
+ (param_len < (sizeof(struct sctp_paramhdr) +
sizeof(uint32_t)))) {
+ /* bad parameter length */
break;
}
- ph = (struct sctp_paramhdr *)sctp_m_getptr(m, offset,
min(param_len, (int)sizeof(cstore)),
+ ph = (struct sctp_paramhdr *)sctp_m_getptr(m, offset,
min(param_len, sizeof(cstore)),
(uint8_t *) & cstore);
+ if (ph == NULL) {
+ /* TSNH */
+ break;
+ }
ptype = ntohs(ph->param_type);
num_param++;
- if (param_len > (int)sizeof(cstore)) {
+ if (param_len > sizeof(cstore)) {
trunc = 1;
} else {
trunc = 0;
@@ -4113,6 +4123,9 @@ strres_nochunk:
if (ptype == SCTP_STR_RESET_OUT_REQUEST) {
struct sctp_stream_reset_out_request *req_out;
+ if (param_len < sizeof(struct
sctp_stream_reset_out_request)) {
+ break;
+ }
req_out = (struct sctp_stream_reset_out_request *)ph;
num_req++;
if (stcb->asoc.stream_reset_outstanding) {
@@ -4126,6 +4139,9 @@ strres_nochunk:
} else if (ptype == SCTP_STR_RESET_ADD_OUT_STREAMS) {
struct sctp_stream_reset_add_strm *str_add;
+ if (param_len < sizeof(struct
sctp_stream_reset_add_strm)) {
+ break;
+ }
str_add = (struct sctp_stream_reset_add_strm *)ph;
num_req++;
sctp_handle_str_reset_add_strm(stcb, chk, str_add);
@@ -4132,6 +4148,9 @@ strres_nochunk:
} else if (ptype == SCTP_STR_RESET_ADD_IN_STREAMS) {
struct sctp_stream_reset_add_strm *str_add;
+ if (param_len < sizeof(struct
sctp_stream_reset_add_strm)) {
+ break;
+ }
str_add = (struct sctp_stream_reset_add_strm *)ph;
num_req++;
sctp_handle_str_reset_add_out_strm(stcb, chk, str_add);
@@ -4156,6 +4175,9 @@ strres_nochunk:
struct sctp_stream_reset_response *resp;
uint32_t result;
+ if (param_len < sizeof(struct
sctp_stream_reset_response)) {
+ break;
+ }
resp = (struct sctp_stream_reset_response *)ph;
seq = ntohl(resp->response_seq);
result = ntohl(resp->result);
@@ -4167,7 +4189,11 @@ strres_nochunk:
break;
}
offset += SCTP_SIZE32(param_len);
- chk_length -= SCTP_SIZE32(param_len);
+ if (remaining_length >= SCTP_SIZE32(param_len)) {
+ remaining_length -= SCTP_SIZE32(param_len);
+ } else {
+ remaining_length = 0;
+ }
}
if (num_req == 0) {
/* we have no response free the stuff */
1.1
sys-freebsd/freebsd-sources/files/freebsd-sources-10.1-cve-2015-1414.patch
file :
http://sources.gentoo.org/viewvc.cgi/gentoo-x86/sys-freebsd/freebsd-sources/files/freebsd-sources-10.1-cve-2015-1414.patch?rev=1.1&view=markup
plain:
http://sources.gentoo.org/viewvc.cgi/gentoo-x86/sys-freebsd/freebsd-sources/files/freebsd-sources-10.1-cve-2015-1414.patch?rev=1.1&content-type=text/plain
Index: freebsd-sources-10.1-cve-2015-1414.patch
===================================================================
Index: sys/netinet/igmp.c
===================================================================
--- sys/netinet/igmp.c (revision 278973)
+++ sys/netinet/igmp.c (working copy)
@@ -1533,8 +1533,8 @@ igmp_input(struct mbuf *m, int off)
case IGMP_VERSION_3: {
struct igmpv3 *igmpv3;
uint16_t igmpv3len;
- uint16_t srclen;
- int nsrc;
+ uint16_t nsrc;
+ int srclen;
IGMPSTAT_INC(igps_rcv_v3_queries);
igmpv3 = (struct igmpv3 *)igmp;
1.1 sys-freebsd/freebsd-sources/files/config-GENTOO
file :
http://sources.gentoo.org/viewvc.cgi/gentoo-x86/sys-freebsd/freebsd-sources/files/config-GENTOO?rev=1.1&view=markup
plain:
http://sources.gentoo.org/viewvc.cgi/gentoo-x86/sys-freebsd/freebsd-sources/files/config-GENTOO?rev=1.1&content-type=text/plain
Index: config-GENTOO
===================================================================
# Kernel configuration for Gentoo/FreeBSD.
include GENERIC
ident GENTOO
1.1
sys-freebsd/freebsd-sources/files/freebsd-sources-10.1-cve-2014-8612.patch
file :
http://sources.gentoo.org/viewvc.cgi/gentoo-x86/sys-freebsd/freebsd-sources/files/freebsd-sources-10.1-cve-2014-8612.patch?rev=1.1&view=markup
plain:
http://sources.gentoo.org/viewvc.cgi/gentoo-x86/sys-freebsd/freebsd-sources/files/freebsd-sources-10.1-cve-2014-8612.patch?rev=1.1&content-type=text/plain
Index: freebsd-sources-10.1-cve-2014-8612.patch
===================================================================
Index: sys/netinet/sctp_usrreq.c
===================================================================
--- sys/netinet/sctp_usrreq.c (revision 277788)
+++ sys/netinet/sctp_usrreq.c (working copy)
@@ -1863,8 +1863,9 @@ flags_out:
SCTP_CHECK_AND_CAST(av, optval, struct
sctp_stream_value, *optsize);
SCTP_FIND_STCB(inp, stcb, av->assoc_id);
if (stcb) {
- if
(stcb->asoc.ss_functions.sctp_ss_get_value(stcb, &stcb->asoc,
&stcb->asoc.strmout[av->stream_id],
- &av->stream_value) < 0) {
+ if ((av->stream_id >= stcb->asoc.streamoutcnt)
||
+
(stcb->asoc.ss_functions.sctp_ss_get_value(stcb, &stcb->asoc,
&stcb->asoc.strmout[av->stream_id],
+ &av->stream_value) < 0)) {
SCTP_LTRACE_ERR_RET(inp, NULL, NULL,
SCTP_FROM_SCTP_USRREQ, EINVAL);
error = EINVAL;
} else {
@@ -4032,8 +4033,9 @@ sctp_setopt(struct socket *so, int optname, void *
SCTP_CHECK_AND_CAST(av, optval, struct
sctp_stream_value, optsize);
SCTP_FIND_STCB(inp, stcb, av->assoc_id);
if (stcb) {
- if
(stcb->asoc.ss_functions.sctp_ss_set_value(stcb, &stcb->asoc,
&stcb->asoc.strmout[av->stream_id],
- av->stream_value) < 0) {
+ if ((av->stream_id >= stcb->asoc.streamoutcnt)
||
+
(stcb->asoc.ss_functions.sctp_ss_set_value(stcb, &stcb->asoc,
&stcb->asoc.strmout[av->stream_id],
+ av->stream_value) < 0)) {
SCTP_LTRACE_ERR_RET(inp, NULL, NULL,
SCTP_FROM_SCTP_USRREQ, EINVAL);
error = EINVAL;
}
@@ -4043,10 +4045,12 @@ sctp_setopt(struct socket *so, int optname, void *
SCTP_INP_RLOCK(inp);
LIST_FOREACH(stcb,
&inp->sctp_asoc_list, sctp_tcblist) {
SCTP_TCB_LOCK(stcb);
-
stcb->asoc.ss_functions.sctp_ss_set_value(stcb,
- &stcb->asoc,
-
&stcb->asoc.strmout[av->stream_id],
- av->stream_value);
+ if (av->stream_id <
stcb->asoc.streamoutcnt) {
+
stcb->asoc.ss_functions.sctp_ss_set_value(stcb,
+ &stcb->asoc,
+
&stcb->asoc.strmout[av->stream_id],
+ av->stream_value);
+ }
SCTP_TCB_UNLOCK(stcb);
}
SCTP_INP_RUNLOCK(inp);
1.1
sys-freebsd/freebsd-sources/files/freebsd-sources-10.0-gentoo.patch
file :
http://sources.gentoo.org/viewvc.cgi/gentoo-x86/sys-freebsd/freebsd-sources/files/freebsd-sources-10.0-gentoo.patch?rev=1.1&view=markup
plain:
http://sources.gentoo.org/viewvc.cgi/gentoo-x86/sys-freebsd/freebsd-sources/files/freebsd-sources-10.0-gentoo.patch?rev=1.1&content-type=text/plain
Index: freebsd-sources-10.0-gentoo.patch
===================================================================
diff --git a/sys/conf/kern.mk b/sys/conf/kern.mk
index 2939a59..124ef6f 100644
--- a/sys/conf/kern.mk
+++ b/sys/conf/kern.mk
@@ -5,7 +5,7 @@
#
CWARNFLAGS?= -Wall -Wredundant-decls -Wnested-externs -Wstrict-prototypes \
-Wmissing-prototypes -Wpointer-arith -Winline -Wcast-qual \
- -Wundef -Wno-pointer-sign ${FORMAT_EXTENSIONS} \
+ -Wundef -Wno-pointer-sign \
-Wmissing-include-dirs -fdiagnostics-show-option \
${CWARNEXTRA}
#
@@ -61,7 +61,7 @@ FORMAT_EXTENSIONS= -fformat-extensions
#
.if ${MACHINE_CPUARCH} == "i386"
.if ${COMPILER_TYPE} != "clang"
-CFLAGS+= -mno-align-long-strings -mpreferred-stack-boundary=2
+CFLAGS+= -mpreferred-stack-boundary=2
.else
CFLAGS+= -mno-aes -mno-avx
.endif
