authorMichał Górny <mgorny@gentoo.org>2018-08-15 10:24:18 +0200
committerMichał Górny <mgorny@gentoo.org>2018-08-15 12:32:40 +0200
commit4434094737edab9aa027a40b9a735d192a0282a8 (patch)
treede3d2b6cc65ad16df9ff6f5d718cb4a3f205f526
parentsys-freebsd/freebsd-sources: include multiple errata updates (diff)
downloadgentoo-4434094737edab9aa027a40b9a735d192a0282a8.tar.gz
gentoo-4434094737edab9aa027a40b9a735d192a0282a8.tar.bz2
gentoo-4434094737edab9aa027a40b9a735d192a0282a8.zip
sys-freebsd/freebsd-usbin: Include FreeBSD-SA-18:03 patch
Include the usr.sbin part of the following Security Advisory patch: FreeBSD-SA-18:03.speculative_execution
-rw-r--r--sys-freebsd/freebsd-usbin/files/freebsd-usbin-SA-1803-speculative_execution-amd64-11.patch189
-rw-r--r--sys-freebsd/freebsd-usbin/freebsd-usbin-11.1_p1.ebuild191
2 files changed, 380 insertions, 0 deletions
diff --git a/sys-freebsd/freebsd-usbin/files/freebsd-usbin-SA-1803-speculative_execution-amd64-11.patch b/sys-freebsd/freebsd-usbin/files/freebsd-usbin-SA-1803-speculative_execution-amd64-11.patch
new file mode 100644
index 00000000000..0cc67ad8f34
--- /dev/null
+++ b/sys-freebsd/freebsd-usbin/files/freebsd-usbin-SA-1803-speculative_execution-amd64-11.patch
@@ -0,0 +1,189 @@
+--- usr.sbin/cpucontrol/cpucontrol.8.orig
++++ usr.sbin/cpucontrol/cpucontrol.8
+@@ -24,7 +24,7 @@
+ .\"
+ .\" $FreeBSD$
+ .\"
+-.Dd June 30, 2009
++.Dd January 5, 2018
+ .Dt CPUCONTROL 8
+ .Os
+ .Sh NAME
+@@ -36,44 +36,48 @@
+ .Nm
+ .Op Fl vh
+ .Fl m Ar msr
+-.Bk
+ .Ar device
+ .Ek
++.Bk
+ .Nm
+ .Op Fl vh
+ .Fl m Ar msr Ns = Ns Ar value
+-.Bk
+ .Ar device
+ .Ek
++.Bk
+ .Nm
+ .Op Fl vh
+ .Fl m Ar msr Ns &= Ns Ar mask
+-.Bk
+ .Ar device
+ .Ek
++.Bk
+ .Nm
+ .Op Fl vh
+ .Fl m Ar msr Ns |= Ns Ar mask
+-.Bk
+ .Ar device
+ .Ek
++.Bk
+ .Nm
+ .Op Fl vh
+ .Fl i Ar level
+-.Bk
+ .Ar device
+ .Ek
++.Bk
+ .Nm
+ .Op Fl vh
+ .Fl i Ar level,level_type
+-.Bk
+ .Ar device
+ .Ek
++.Bk
+ .Nm
+ .Op Fl vh
+ .Op Fl d Ar datadir
+ .Fl u
++.Ar device
++.Ek
+ .Bk
++.Nm
++.Fl e
+ .Ar device
+ .Ek
+ .Sh DESCRIPTION
+@@ -129,6 +133,20 @@
+ .Nm
+ utility will walk through the configured data directories
+ and apply all firmware updates available for this CPU.
++.It Fl e
++Re-evaluate the kernel flags indicating the present CPU features.
++This command is typically executed after a firmware update was applied
++which changes information reported by the
++.Dv CPUID
++instruction.
++.Pp
++.Bf -symbolic
++Only execute the
++.Fl e
++command after the microcode update was applied to all CPUs in the system.
++The kernel does not operate correctly if the features of processors are
++not identical.
++.Ef
+ .It Fl v
+ Increase the verbosity level.
+ .It Fl h
+--- usr.sbin/cpucontrol/cpucontrol.c.orig
++++ usr.sbin/cpucontrol/cpucontrol.c
+@@ -60,6 +60,7 @@
+ #define FLAG_I 0x01
+ #define FLAG_M 0x02
+ #define FLAG_U 0x04
++#define FLAG_E 0x10
+
+ #define OP_INVAL 0x00
+ #define OP_READ 0x01
+@@ -114,7 +115,7 @@
+ if (name == NULL)
+ name = "cpuctl";
+ fprintf(stderr, "Usage: %s [-vh] [-d datadir] [-m msr[=value] | "
+- "-i level | -i level,level_type | -u] device\n", name);
++ "-i level | -i level,level_type | -e | -u] device\n", name);
+ exit(EX_USAGE);
+ }
+
+@@ -338,6 +339,25 @@
+ }
+
+ static int
++do_eval_cpu_features(const char *dev)
++{
++ int fd, error;
++
++ assert(dev != NULL);
++
++ fd = open(dev, O_RDWR);
++ if (fd < 0) {
++ WARN(0, "error opening %s for writing", dev);
++ return (1);
++ }
++ error = ioctl(fd, CPUCTL_EVAL_CPU_FEATURES, NULL);
++ if (error < 0)
++ WARN(0, "ioctl(%s, CPUCTL_EVAL_CPU_FEATURES)", dev);
++ close(fd);
++ return (error);
++}
++
++static int
+ do_update(const char *dev)
+ {
+ int fd;
+@@ -431,11 +451,14 @@
+ * Add all default data dirs to the list first.
+ */
+ datadir_add(DEFAULT_DATADIR);
+- while ((c = getopt(argc, argv, "d:hi:m:uv")) != -1) {
++ while ((c = getopt(argc, argv, "d:ehi:m:uv")) != -1) {
+ switch (c) {
+ case 'd':
+ datadir_add(optarg);
+ break;
++ case 'e':
++ flags |= FLAG_E;
++ break;
+ case 'i':
+ flags |= FLAG_I;
+ cmdarg = optarg;
+@@ -464,22 +487,25 @@
+ /* NOTREACHED */
+ }
+ dev = argv[0];
+- c = flags & (FLAG_I | FLAG_M | FLAG_U);
++ c = flags & (FLAG_E | FLAG_I | FLAG_M | FLAG_U);
+ switch (c) {
+- case FLAG_I:
+- if (strstr(cmdarg, ",") != NULL)
+- error = do_cpuid_count(cmdarg, dev);
+- else
+- error = do_cpuid(cmdarg, dev);
+- break;
+- case FLAG_M:
+- error = do_msr(cmdarg, dev);
+- break;
+- case FLAG_U:
+- error = do_update(dev);
+- break;
+- default:
+- usage(); /* Only one command can be selected. */
++ case FLAG_I:
++ if (strstr(cmdarg, ",") != NULL)
++ error = do_cpuid_count(cmdarg, dev);
++ else
++ error = do_cpuid(cmdarg, dev);
++ break;
++ case FLAG_M:
++ error = do_msr(cmdarg, dev);
++ break;
++ case FLAG_U:
++ error = do_update(dev);
++ break;
++ case FLAG_E:
++ error = do_eval_cpu_features(dev);
++ break;
++ default:
++ usage(); /* Only one command can be selected. */
+ }
+ SLIST_FREE(&datadirs, next, free);
+ return (error == 0 ? 0 : 1);
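Review bot: The new `do_eval_cpu_features()` has no comment stating its precondition, although the man page text added in the same patch warns that the kernel does not operate correctly if `-e` is run before the microcode update has been applied to all CPUs. Nothing in the function or in the `FLAG_E` case of `main()` checks that ordering, so it is worth recording at the definition, for example `/* Caller must have updated microcode on every CPU first; see cpucontrol(8), -e. */`. The function also returns `1` when `open()` fails but the raw `ioctl()` result (negative on failure) otherwise. `main()` normalises both with `error == 0 ? 0 : 1`, so this is a point of style, but a single convention would read more clearly. The open-failure message says "for writing" although the descriptor is opened `O_RDWR`.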
diff --git a/sys-freebsd/freebsd-usbin/freebsd-usbin-11.1_p1.ebuild b/sys-freebsd/freebsd-usbin/freebsd-usbin-11.1_p1.ebuild
new file mode 100644
index 00000000000..7eb0e4f04f7
--- /dev/null
+++ b/sys-freebsd/freebsd-usbin/freebsd-usbin-11.1_p1.ebuild
@@ -0,0 +1,191 @@
+# Copyright 1999-2018 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=5
+
+inherit bsdmk freebsd flag-o-matic eutils
+
+DESCRIPTION="FreeBSD /usr/sbin tools"
+SLOT="0"
+LICENSE="BSD zfs? ( CDDL )"
+
+# Security Advisory and Errata patches.
+# UPSTREAM_PATCHES=()
+
+if [[ ${PV} != *9999* ]]; then
+ KEYWORDS="~amd64-fbsd ~x86-fbsd"
+ SRC_URI="${SRC_URI}
+ $(freebsd_upstream_patches)"
+fi
+
+EXTRACTONLY="
+ usr.sbin/
+ contrib/
+ usr.bin/
+ lib/
+ sbin/
+ etc/
+ gnu/
+"
+
+RDEPEND="=sys-freebsd/freebsd-lib-${RV}*[usb?,bluetooth?,netware?]
+ build? ( sys-apps/baselayout )
+ ssl? ( dev-libs/openssl:0 )
+ >=app-arch/libarchive-3
+ sys-apps/tcp-wrappers
+ dev-util/dialog
+ >=dev-libs/libedit-20120311.3.0-r1
+ net-libs/libpcap
+ kerberos? ( app-crypt/heimdal )"
+DEPEND="${RDEPEND}
+ =sys-freebsd/freebsd-mk-defs-${RV}*
+ =sys-freebsd/freebsd-ubin-${RV}*
+ zfs? ( =sys-freebsd/freebsd-cddl-${RV}* )
+ !build? ( =sys-freebsd/freebsd-sources-${RV}*
+ >=sys-freebsd/freebsd-sources-11.1_p3 )
+ sys-apps/texinfo
+ sys-devel/flex"
+
+S="${WORKDIR}/usr.sbin"
+
+IUSE="acpi atm audit bluetooth floppy ipv6 kerberos minimal netware nis pam ssl usb build zfs"
+
+pkg_setup() {
+ # Add the required source files.
+ use nis && EXTRACTONLY+="libexec/ "
+ use build && EXTRACTONLY+="sys/ include/ "
+ use zfs && EXTRACTONLY+="cddl/ "
+
+ # Release crunch is something like minimal. It seems to remove everything
+ # which is not needed to work.
+ use minimal && mymakeopts="${mymakeopts} RELEASE_CRUNCH= "
+
+ use acpi || mymakeopts="${mymakeopts} WITHOUT_ACPI= "
+ use atm || mymakeopts="${mymakeopts} WITHOUT_ATM= "
+ use audit || mymakeopts="${mymakeopts} WITHOUT_AUDIT= "
+ use bluetooth || mymakeopts="${mymakeopts} WITHOUT_BLUETOOTH= "
+ use ipv6 || mymakeopts="${mymakeopts} WITHOUT_INET6= WITHOUT_INET6_SUPPORT= "
+ use netware || mymakeopts="${mymakeopts} WITHOUT_IPX= WITHOUT_IPX_SUPPORT= WITHOUT_NCP= "
+ use nis || mymakeopts="${mymakeopts} WITHOUT_NIS= "
+ use pam || mymakeopts="${mymakeopts} WITHOUT_PAM_SUPPORT= "
+ use ssl || mymakeopts="${mymakeopts} WITHOUT_OPENSSL= "
+ use usb || mymakeopts="${mymakeopts} WITHOUT_USB= "
+ use floppy || mymakeopts="${mymakeopts} WITHOUT_FLOPPY= "
+ use kerberos || mymakeopts="${mymakeopts} WITHOUT_GSSAPI= "
+ use zfs || mymakeopts="${mymakeopts} WITHOUT_CDDL= "
+
+ mymakeopts="${mymakeopts} WITHOUT_PF= WITHOUT_LPR= WITHOUT_SENDMAIL= WITHOUT_AUTHPF= WITHOUT_MAILWRAPPER= WITHOUT_UNBOUND= "
+
+ append-flags $(test-flags -fno-strict-aliasing)
+}
+
+PATCHES=(
+ "${FILESDIR}/${PN}-adduser.patch"
+ "${FILESDIR}/${PN}-9.0-newsyslog.patch"
+ "${FILESDIR}/${PN}-11.1-bsdxml2expat.patch"
+ "${FILESDIR}/${PN}-10.3-bsdxml2expat.patch"
+ "${FILESDIR}/${PN}-11.0-workaround.patch"
+ "${FILESDIR}/${PN}-SA-1803-speculative_execution-amd64-11.patch"
+ )
+
+REMOVE_SUBDIRS="
+ tcpdchk tcpdmatch
+ sendmail praliases editmap mailstats makemap
+ pc-sysinstall cron mailwrapper ntp bsnmpd
+ tcpdump ndp inetd
+ wpa/wpa_supplicant wpa/hostapd wpa/hostapd_cli wpa/wpa_cli wpa/wpa_passphrase
+ zic amd
+ pkg freebsd-update service sysrc bsdinstall"
+
+src_prepare() {
+ if ! use build; then
+ [[ ! -e "${WORKDIR}/sys" ]] && ln -s "/usr/src/sys" "${WORKDIR}/sys"
+ [[ ! -e "${WORKDIR}/include" ]] && ln -s "/usr/include" "${WORKDIR}/include"
+ else
+ dummy_mk mount_smbfs
+ fi
+}
+
+src_compile() {
+ # Preparing to build nmtree, ypldap
+ for dir in libnetbsd libopenbsd; do
+ cd "${WORKDIR}/lib/${dir}" || die
+ freebsd_src_compile -j1
+ done
+
+ cd "${S}" || die
+ freebsd_src_compile
+}
+
+src_install() {
+ # By creating these directories we avoid having to do a
+ # more complex hack
+ dodir /usr/share/doc
+ dodir /sbin
+ dodir /usr/libexec
+ dodir /usr/bin
+
+ # FILESDIR is used by some makefiles which will install files
+ # in the wrong place, just put it in the doc directory.
+ freebsd_src_install DOCDIR=/usr/share/doc/${PF}
+
+ # Most of these now come from openrc.
+ for util in iscsid nfs nfsuserd rpc.statd rpc.lockd; do
+ newinitd "${FILESDIR}/"${util}.initd ${util}
+ if [[ -e "${FILESDIR}"/${util}.confd ]]; then \
+ newconfd "${FILESDIR}"/${util}.confd ${util}
+ fi
+ done
+
+ for class in daily monthly weekly; do
+ cat - > "${T}/periodic.${class}" <<EOS
+#!/bin/sh
+/usr/sbin/periodic ${class}
+EOS
+ exeinto /etc/cron.${class}
+ newexe "${T}/periodic.${class}" periodic
+ done
+
+ # Install the pw.conf file to let pw use Gentoo's skel location
+ insinto /etc
+ doins "${FILESDIR}/pw.conf"
+
+ cd "${WORKDIR}/etc" || die
+ doins apmd.conf syslog.conf newsyslog.conf nscd.conf
+
+ if use bluetooth; then
+ insinto /etc/bluetooth
+ doins bluetooth/*
+ rm -f "${D}"/etc/bluetooth/Makefile
+ fi
+
+ cd "${S}"/ppp || die
+ insinto /etc/ppp
+ doins ppp.conf
+
+ # Install the periodic stuff (needs probably to be ported in a more
+ # gentooish way)
+ cd "${WORKDIR}/etc/periodic" || die
+
+ doperiodic daily daily/*.accounting
+ doperiodic monthly monthly/*.accounting
+}
+
+pkg_postinst() {
+ # We need to run pwd_mkdb if key files are not present
+ # If they are, then there is no need to run pwd_mkdb
+ if [[ ! -e "${ROOT}etc/passwd" || ! -e "${ROOT}etc/pwd.db" || ! -e "${ROOT}etc/spwd.db" ]] ; then
+ if [[ -e "${ROOT}etc/master.passwd" ]] ; then
+ einfo "Generating passwd files from ${ROOT}etc/master.passwd"
+ "${ROOT}"usr/sbin/pwd_mkdb -p -d "${ROOT}etc" "${ROOT}etc/master.passwd"
+ else
+ eerror "${ROOT}etc/master.passwd does not exist!"
+ eerror "You will no be able to log into your system!"
+ fi
+ fi
+
+ for logfile in messages security auth.log maillog lpd-errs xferlog cron \
+ debug.log slip.log ppp.log; do
+ [[ -f "${ROOT}/var/log/${logfile}" ]] || touch "${ROOT}/var/log/${logfile}"
+ done
+}
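Review bot: The `>=sys-freebsd/freebsd-sources-11.1_p3` pin sits inside `!build? ( ... )`, so it only covers the case where `src_prepare` symlinks `/usr/src/sys` into `${WORKDIR}`. With `USE=build`, `pkg_setup` extracts `sys/` and `include/` from the release tarball, and `UPSTREAM_PATCHES` is commented out. If `cpucontrol.c` takes `CPUCTL_EVAL_CPU_FEATURES` from that extracted tree, the patched source may not compile there, so a `USE=build` build should be confirmed. The patch file name carries `amd64`, yet it is listed unconditionally in `PATCHES` while `KEYWORDS` also includes `~x86-fbsd`; it would help to confirm that is intended. Because the advisory's man page text requires `cpucontrol -e` to run only after microcode is updated on all CPUs, an `elog` line in `pkg_postinst` stating that ordering would give administrators the caveat at install time.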