authorMichał Górny <mgorny@gentoo.org>2018-08-15 10:36:12 +0200
committerMichał Górny <mgorny@gentoo.org>2018-08-15 12:32:41 +0200
commitfd3c43c332409c536c274c154434bdb6a1b6f90d (patch)
tree18d03f9333e621723aecad005c0d02f1a638c3ab
parentsys-freebsd/freebsd-usbin: Include FreeBSD-SA-18:03 patch (diff)
sys-freebsd/freebsd-share: Include SA manpage updates
Include the manpage patches related to the following Security Advisories: FreeBSD-SA-18:08.tcp FreeBSD-SA-18:10.ip
-rw-r--r--sys-freebsd/freebsd-share/files/freebsd-share-SA-1808-tcp-11.patch23
-rw-r--r--sys-freebsd/freebsd-share/files/freebsd-share-SA-1810-ip.patch113
-rw-r--r--sys-freebsd/freebsd-share/freebsd-share-11.1_p1.ebuild122
3 files changed, 258 insertions, 0 deletions
diff --git a/sys-freebsd/freebsd-share/files/freebsd-share-SA-1808-tcp-11.patch b/sys-freebsd/freebsd-share/files/freebsd-share-SA-1808-tcp-11.patch
new file mode 100644
index 00000000000..b7d2a750c78
--- /dev/null
+++ b/sys-freebsd/freebsd-share/files/freebsd-share-SA-1808-tcp-11.patch
@@ -0,0 +1,23 @@
+--- share/man/man4/tcp.4.orig
++++ share/man/man4/tcp.4
+@@ -445,6 +445,20 @@
+ Reseeding should not be necessary, and will break
+ .Dv TIME_WAIT
+ recycling for a few minutes.
++.It Va reass.cursegments
++The current total number of segments present in all reassembly queues.
++.It Va reass.maxsegments
++The maximum limit on the total number of segments across all reassembly
++queues.
++The limit can be adjusted as a tunable.
++.It Va reass.maxqueuelen
++The maximum number of segments allowed in each reassembly queue.
++By default, the system chooses a limit based on each TCP connection's
++receive buffer size and maximum segment size (MSS).
++The actual limit applied to a session's reassembly queue will be the lower of
++the system-calculated automatic limit and the user-specified
++.Va reass.maxqueuelen
++limit.
+ .It Va rexmit_min , rexmit_slop
+ Adjust the retransmit timer calculation for
+ .Tn TCP .
diff --git a/sys-freebsd/freebsd-share/files/freebsd-share-SA-1810-ip.patch b/sys-freebsd/freebsd-share/files/freebsd-share-SA-1810-ip.patch
new file mode 100644
index 00000000000..1fee32f348b
--- /dev/null
+++ b/sys-freebsd/freebsd-share/files/freebsd-share-SA-1810-ip.patch
@@ -0,0 +1,113 @@
+--- share/man/man4/inet.4.orig
++++ share/man/man4/inet.4
+@@ -28,7 +28,7 @@
+ .\" From: @(#)inet.4 8.1 (Berkeley) 6/5/93
+ .\" $FreeBSD$
+ .\"
+-.Dd Feb 4, 2016
++.Dd August 14, 2018
+ .Dt INET 4
+ .Os
+ .Sh NAME
+@@ -229,15 +229,38 @@
+ cycle greatly.
+ Default is 0 (sequential IP IDs).
+ IPv6 flow IDs and fragment IDs are always random.
++.It Va ip.maxfrags
++Integer: maximum number of fragments the host will accept and simultaneously
++hold across all reassembly queues in all VNETs.
++If set to 0, reassembly is disabled.
++If set to -1, this limit is not applied.
++This limit is recalculated when the number of mbuf clusters is changed.
++This is a global limit.
+ .It Va ip.maxfragpackets
+-Integer: maximum number of fragmented packets the host will accept and hold
+-in the reassembling queue simultaneously.
+-0 means that the host will not accept any fragmented packets.
+-\-1 means that the host will accept as many fragmented packets as it receives.
++Integer: maximum number of fragmented packets the host will accept and
++simultaneously hold in the reassembly queue for a particular VNET.
++0 means that the host will not accept any fragmented packets for that VNET.
++\-1 means that the host will not apply this limit for that VNET.
++This limit is recalculated when the number of mbuf clusters is changed.
++This is a per-VNET limit.
++.It Va ip.maxfragbucketsize
++Integer: maximum number of reassembly queues per bucket.
++Fragmented packets are hashed to buckets.
++Each bucket has a list of reassembly queues.
++The system must compare the incoming packets to the existing reassembly queues
++in the bucket to find a matching reassembly queue.
++To preserve system resources, the system limits the number of reassembly
++queues allowed in each bucket.
++This limit is recalculated when the number of mbuf clusters is changed or
++when the value of
++.Va ip.maxfragpackets
++changes.
++This is a per-VNET limit.
+ .It Va ip.maxfragsperpacket
+ Integer: maximum number of fragments the host will accept and hold
+-in the reassembling queue for a packet.
+-0 means that the host will not accept any fragmented packets.
++in the reassembly queue for a packet.
++0 means that the host will not accept any fragmented packets for the VNET.
++This is a per-VNET limit.
+ .El
+ .Sh SEE ALSO
+ .Xr ioctl 2 ,
+--- share/man/man4/inet6.4.orig
++++ share/man/man4/inet6.4
+@@ -29,7 +29,7 @@
+ .\"
+ .\" $FreeBSD$
+ .\"
+-.Dd September 2, 2009
++.Dd August 14, 2018
+ .Dt INET6 4
+ .Os
+ .Sh NAME
+@@ -219,12 +219,41 @@
+ This value applies to all the transport protocols on top of
+ .Tn IPv6 .
+ There are APIs to override the value.
++.It Dv IPV6CTL_MAXFRAGS
++.Pq ip6.maxfrags
++Integer: maximum number of fragments the host will accept and simultaneously
++hold across all reassembly queues in all VNETs.
++If set to 0, fragment reassembly is disabled.
++If set to -1, this limit is not applied.
++This limit is recalculated when the number of mbuf clusters is changed.
++This is a global limit.
+ .It Dv IPV6CTL_MAXFRAGPACKETS
+ .Pq ip6.maxfragpackets
+-Integer: default maximum number of fragmented packets the node will accept.
+-0 means that the node will not accept any fragmented packets.
+--1 means that the node will accept as many fragmented packets as it receives.
+-The flag is provided basically for avoiding possible DoS attacks.
++Integer: maximum number of fragmented packets the node will accept and
++simultaneously hold in the reassembly queue for a particular VNET.
++0 means that the node will not accept any fragmented packets for that VNET.
++-1 means that the node will not apply this limit for that VNET.
++This limit is recalculated when the number of mbuf clusters is changed.
++This is a per-VNET limit.
++.It Dv IPV6CTL_MAXFRAGBUCKETSIZE
++.Pq ip6.maxfragbucketsize
++Integer: maximum number of reassembly queues per bucket.
++Fragmented packets are hashed to buckets.
++Each bucket has a list of reassembly queues.
++The system must compare the incoming packets to the existing reassembly queues
++in the bucket to find a matching reassembly queue.
++To preserve system resources, the system limits the number of reassembly
++queues allowed in each bucket.
++This limit is recalculated when the number of mbuf clusters is changed or
++when the value of
++.Va ip6.maxfragpackets
++changes.
++This is a per-VNET limit.
++.It Dv IPV6CTL_MAXFRAGSPERPACKET
++.Pq ip6.maxfragsperpacket
++Integer: maximum number of fragments the host will accept and hold in the
++ressembly queue for a packet.
++This is a per-VNET limit.
+ .It Dv IPV6CTL_ACCEPT_RTADV
+ .Pq ip6.accept_rtadv
+ Boolean: the default value of a per-interface flag to
diff --git a/sys-freebsd/freebsd-share/freebsd-share-11.1_p1.ebuild b/sys-freebsd/freebsd-share/freebsd-share-11.1_p1.ebuild
new file mode 100644
index 00000000000..a8b673e53ec
--- /dev/null
+++ b/sys-freebsd/freebsd-share/freebsd-share-11.1_p1.ebuild
@@ -0,0 +1,122 @@
+# Copyright 1999-2018 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=5
+
+inherit bsdmk freebsd
+
+DESCRIPTION="FreeBSD shared tools/files"
+SLOT="0"
+LICENSE="BSD zfs? ( CDDL )"
+
+IUSE="doc usb zfs"
+
+if [[ ${PV} != *9999* ]]; then
+ KEYWORDS="~amd64-fbsd ~x86-fbsd"
+fi
+
+EXTRACTONLY="
+ share/
+ contrib/
+ gnu/
+ usr.bin/
+ usr.sbin/
+ sbin/
+ bin/
+ lib/
+ etc/
+ tools/tools/locale/
+"
+
+DEPEND="=sys-freebsd/freebsd-mk-defs-${RV}*
+ =sys-freebsd/freebsd-sources-${RV}*"
+RDEPEND="sys-apps/miscfiles"
+
+RESTRICT="strip"
+
+S="${WORKDIR}/share"
+
+pkg_setup() {
+ # Add the required source files.
+ use zfs && EXTRACTONLY+="cddl/ "
+
+ use doc || mymakeopts="${mymakeopts} WITHOUT_SHAREDOCS= "
+ use usb || mymakeopts="${mymakeopts} WITHOUT_USB= "
+ use zfs || mymakeopts="${mymakeopts} WITHOUT_CDDL= "
+
+ has_version "<sys-freebsd/freebsd-ubin-10.1" && mymakeopts="${mymakeopts} WITHOUT_VT= "
+ has_version "<sys-freebsd/freebsd-ubin-11.0" && mymakeopts="${mymakeopts} WITHOUT_LOCALES= "
+ has_version "<sys-freebsd/freebsd-lib-9.1-r11" && mymakeopts="${mymakeopts} WITHOUT_ICONV= "
+
+ mymakeopts="${mymakeopts} WITHOUT_SENDMAIL= WITHOUT_CLANG= "
+}
+
+REMOVE_SUBDIRS="mk termcap zoneinfo tabset"
+
+PATCHES=(
+ "${FILESDIR}/${PN}-10.3-gentoo-skel.patch"
+ "${FILESDIR}/${PN}-10.0-gentoo-eapi3.patch"
+ "${FILESDIR}/${PN}-10.2-gnu-miscfiles.patch"
+ "${FILESDIR}/${PN}-SA-1808-tcp-11.patch"
+ "${FILESDIR}/${PN}-SA-1810-ip.patch"
+)
+
+src_prepare() {
+ # Remove make.conf manpage as it describes bsdmk's make.conf.
+ sed -i -e 's:make.conf.5::' "${S}/man/man5/Makefile"
+ # Remove rc.conf manpage as it describes bsd's rc.conf.
+ sed -i -e 's:\brc.conf.5::' "${S}/man/man5/Makefile"
+ sed -i -e 's:\brc.conf.local.5::' "${S}/man/man5/Makefile"
+ # Remove mailer.conf manpage
+ sed -i -e 's:mailer.conf.5::' "${S}/man/man5/Makefile"
+ # Remove pbm and moduli(ssh) manpages
+ sed -i -e 's:pbm.5::' -e 's:moduli.5::' "${S}/man/man5/Makefile"
+ # Remove builtins manpage
+ sed -i -e '/builtins\.1/d' "${S}/man/man1/Makefile"
+ # Remove rc manpages
+ sed -i -e '/rc.8/d' "${S}/man/man8/Makefile"
+ # Remove hv_kvp_daemon.8 manpage. It's provided by freebsd-usbin.
+ sed -i -e '/hv_kvp_daemon.8/d' "${S}/man/man8/Makefile"
+
+ # Don't install the arch-specific directories in subdirectories
+ sed -i -e '/MANSUBDIR/d' "${S}"/man/man4/man4.{i386,sparc64}/Makefile
+
+ # Remove them so that they can't be included by error
+ rm -rf "${S}"/mk/*.mk
+
+ # Make proper symlinks by defining the full target.
+ local sdir
+ for sdir in colldef monetdef msgdef numericdef timedef
+ do
+ sed -e 's:\${enc2}$:\${enc2}/\${FILESNAME}:g' -i \
+ "${S}/${sdir}/Makefile" || \
+ die "Error fixing ${sdir}/Makefile"
+ done
+ if [[ ! -e "${WORKDIR}/sys" ]]; then
+ ln -s "/usr/src/sys" "${WORKDIR}/sys" || die "failed to set sys symlink"
+ fi
+}
+
+src_compile() {
+ export ESED="/usr/bin/sed"
+
+ # libiconv support.
+ if ! has_version "<sys-freebsd/freebsd-lib-9.1-r11" ; then
+ # i18n/csmapper/APPLE requires mkcsmapper_static
+ # i18n/esdb/APPLE requires mkesdb_static
+ for pkg in mkcsmapper_static mkesdb_static
+ do
+ cd "${WORKDIR}"/usr.bin/${pkg} || die
+ freebsd_src_compile
+ done
+ fi
+
+ # This is a groff problem and not a -shared problem.
+ cd "${S}" || die
+ export GROFF_TMAC_PATH="/usr/share/tmac/:/usr/share/groff/1.22.2/tmac/"
+ freebsd_src_compile -j1 || die "emake failed"
+}
+
+src_install() {
+ freebsd_src_install -j1 DOCDIR=/usr/share/doc/${PF}
+}
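Review bot: The `sed -i` calls in src_prepare (the man5, man1, man8 and man4 Makefile edits) and the `rm -rf "${S}"/mk/*.mk` line have no `|| die`, and sed is an external command that does not abort the build on its own under EAPI=5; only the colldef/monetdef loop and the `ln -s` check their result. If one of those Makefiles moves in a later source drop, the edit is skipped silently and the package would install pages the comments say belong elsewhere, for example hv_kvp_daemon.8, which the comment says is provided by freebsd-usbin. Each call should end like `sed -i -e '/hv_kvp_daemon.8/d' "${S}/man/man8/Makefile" || die`. In src_compile the loop variable should also be declared with `local pkg`, as `sdir` is in src_prepare.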