author | Michał Górny <mgorny@gentoo.org> | 2018-08-15 10:36:12 +0200 |
---|---|---|
committer | Michał Górny <mgorny@gentoo.org> | 2018-08-15 12:32:41 +0200 |
commit | fd3c43c332409c536c274c154434bdb6a1b6f90d (patch) | |
tree | 18d03f9333e621723aecad005c0d02f1a638c3ab /sys-freebsd/freebsd-share | |
parent | sys-freebsd/freebsd-usbin: Include FreeBSD-SA-18:03 patch (diff) | |
sys-freebsd/freebsd-share: Include SA manpage updates
Include the manpage patches related to the following Security
Advisories:
FreeBSD-SA-18:08.tcp
FreeBSD-SA-18:10.ip
Diffstat (limited to 'sys-freebsd/freebsd-share')
3 files changed, 258 insertions, 0 deletions
diff --git a/sys-freebsd/freebsd-share/files/freebsd-share-SA-1808-tcp-11.patch b/sys-freebsd/freebsd-share/files/freebsd-share-SA-1808-tcp-11.patch
new file mode 100644
index 000000000000..b7d2a750c789
--- /dev/null
+++ b/sys-freebsd/freebsd-share/files/freebsd-share-SA-1808-tcp-11.patch
@@ -0,0 +1,23 @@
+--- share/man/man4/tcp.4.orig
++++ share/man/man4/tcp.4
+@@ -445,6 +445,20 @@
+ Reseeding should not be necessary, and will break
+ .Dv TIME_WAIT
+ recycling for a few minutes.
++.It Va reass.cursegments
++The current total number of segments present in all reassembly queues.
++.It Va reass.maxsegments
++The maximum limit on the total number of segments across all reassembly
++queues.
++The limit can be adjusted as a tunable.
++.It Va reass.maxqueuelen
++The maximum number of segments allowed in each reassembly queue.
++By default, the system chooses a limit based on each TCP connection's
++receive buffer size and maximum segment size (MSS).
++The actual limit applied to a session's reassembly queue will be the lower of
++the system-calculated automatic limit and the user-specified
++.Va reass.maxqueuelen
++limit.
+ .It Va rexmit_min , rexmit_slop
+ Adjust the retransmit timer calculation for
+ .Tn TCP .
diff --git a/sys-freebsd/freebsd-share/files/freebsd-share-SA-1810-ip.patch b/sys-freebsd/freebsd-share/files/freebsd-share-SA-1810-ip.patch
new file mode 100644
index 000000000000..1fee32f348b6
--- /dev/null
+++ b/sys-freebsd/freebsd-share/files/freebsd-share-SA-1810-ip.patch
@@ -0,0 +1,113 @@
+--- share/man/man4/inet.4.orig
++++ share/man/man4/inet.4
+@@ -28,7 +28,7 @@
+ .\" 
From: @(#)inet.4 8.1 (Berkeley) 6/5/93
+ .\" $FreeBSD$
+ .\"
+-.Dd Feb 4, 2016
++.Dd August 14, 2018
+ .Dt INET 4
+ .Os
+ .Sh NAME
+@@ -229,15 +229,38 @@
+ cycle greatly.
+ Default is 0 (sequential IP IDs).
+ IPv6 flow IDs and fragment IDs are always random.
++.It Va ip.maxfrags
++Integer: maximum number of fragments the host will accept and simultaneously
++hold across all reassembly queues in all VNETs.
++If set to 0, reassembly is disabled.
++If set to -1, this limit is not applied.
++This limit is recalculated when the number of mbuf clusters is changed.
++This is a global limit.
+ .It Va ip.maxfragpackets
+-Integer: maximum number of fragmented packets the host will accept and hold
+-in the reassembling queue simultaneously.
+-0 means that the host will not accept any fragmented packets.
+-\-1 means that the host will accept as many fragmented packets as it receives.
++Integer: maximum number of fragmented packets the host will accept and
++simultaneously hold in the reassembly queue for a particular VNET.
++0 means that the host will not accept any fragmented packets for that VNET.
++\-1 means that the host will not apply this limit for that VNET.
++This limit is recalculated when the number of mbuf clusters is changed.
++This is a per-VNET limit.
++.It Va ip.maxfragbucketsize
++Integer: maximum number of reassembly queues per bucket.
++Fragmented packets are hashed to buckets.
++Each bucket has a list of reassembly queues.
++The system must compare the incoming packets to the existing reassembly queues
++in the bucket to find a matching reassembly queue.
++To preserve system resources, the system limits the number of reassembly
++queues allowed in each bucket.
++This limit is recalculated when the number of mbuf clusters is changed or
++when the value of
++.Va ip.maxfragpackets
++changes.
++This is a per-VNET limit.
+ .It Va ip.maxfragsperpacket
+ Integer: maximum number of fragments the host will accept and hold
+-in the reassembling queue for a packet.
+-0 means that the host will not accept any fragmented packets.
++in the reassembly queue for a packet.
++0 means that the host will not accept any fragmented packets for the VNET.
++This is a per-VNET limit.
+ .El
+ .Sh SEE ALSO
+ .Xr ioctl 2 ,
+--- share/man/man4/inet6.4.orig
++++ share/man/man4/inet6.4
+@@ -29,7 +29,7 @@
+ .\"
+ .\" $FreeBSD$
+ .\"
+-.Dd September 2, 2009
++.Dd August 14, 2018
+ .Dt INET6 4
+ .Os
+ .Sh NAME
+@@ -219,12 +219,41 @@
+ This value applies to all the transport protocols on top of
+ .Tn IPv6 .
+ There are APIs to override the value.
++.It Dv IPV6CTL_MAXFRAGS
++.Pq ip6.maxfrags
++Integer: maximum number of fragments the host will accept and simultaneously
++hold across all reassembly queues in all VNETs.
++If set to 0, fragment reassembly is disabled.
++If set to -1, this limit is not applied.
++This limit is recalculated when the number of mbuf clusters is changed.
++This is a global limit.
+ .It Dv IPV6CTL_MAXFRAGPACKETS
+ .Pq ip6.maxfragpackets
+-Integer: default maximum number of fragmented packets the node will accept.
+-0 means that the node will not accept any fragmented packets.
+--1 means that the node will accept as many fragmented packets as it receives.
+-The flag is provided basically for avoiding possible DoS attacks.
++Integer: maximum number of fragmented packets the node will accept and
++simultaneously hold in the reassembly queue for a particular VNET.
++0 means that the node will not accept any fragmented packets for that VNET.
++-1 means that the node will not apply this limit for that VNET.
++This limit is recalculated when the number of mbuf clusters is changed.
++This is a per-VNET limit.
++.It Dv IPV6CTL_MAXFRAGBUCKETSIZE
++.Pq ip6.maxfragbucketsize
++Integer: maximum number of reassembly queues per bucket.
++Fragmented packets are hashed to buckets.
++Each bucket has a list of reassembly queues.
++The system must compare the incoming packets to the existing reassembly queues
++in the bucket to find a matching reassembly queue.
++To preserve system resources, the system limits the number of reassembly
++queues allowed in each bucket.
++This limit is recalculated when the number of mbuf clusters is changed or
++when the value of
++.Va ip6.maxfragpackets
++changes.
++This is a per-VNET limit.
++.It Dv IPV6CTL_MAXFRAGSPERPACKET
++.Pq ip6.maxfragsperpacket
++Integer: maximum number of fragments the host will accept and hold in the
++ressembly queue for a packet.
++This is a per-VNET limit.
+ .It Dv IPV6CTL_ACCEPT_RTADV
+ .Pq ip6.accept_rtadv
+ Boolean: the default value of a per-interface flag to
diff --git a/sys-freebsd/freebsd-share/freebsd-share-11.1_p1.ebuild b/sys-freebsd/freebsd-share/freebsd-share-11.1_p1.ebuild
new file mode 100644
index 000000000000..a8b673e53ec3
--- /dev/null
+++ b/sys-freebsd/freebsd-share/freebsd-share-11.1_p1.ebuild
@@ -0,0 +1,122 @@
+# Copyright 1999-2018 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=5
+
+inherit bsdmk freebsd
+
+DESCRIPTION="FreeBSD shared tools/files"
+SLOT="0"
+LICENSE="BSD zfs? ( CDDL )"
+
+IUSE="doc usb zfs"
+
+if [[ ${PV} != *9999* ]]; then
+ KEYWORDS="~amd64-fbsd ~x86-fbsd"
+fi
+
+EXTRACTONLY="
+ share/
+ contrib/
+ gnu/
+ usr.bin/
+ usr.sbin/
+ sbin/
+ bin/
+ lib/
+ etc/
+ tools/tools/locale/
+"
+
+DEPEND="=sys-freebsd/freebsd-mk-defs-${RV}*
+ =sys-freebsd/freebsd-sources-${RV}*"
+RDEPEND="sys-apps/miscfiles"
+
+RESTRICT="strip"
+
+S="${WORKDIR}/share"
+
+pkg_setup() {
+ # Add the required source files.
+ use zfs && EXTRACTONLY+="cddl/ "
+
+ use doc || mymakeopts="${mymakeopts} WITHOUT_SHAREDOCS= "
+ use usb || mymakeopts="${mymakeopts} WITHOUT_USB= "
+ use zfs || mymakeopts="${mymakeopts} WITHOUT_CDDL= "
+
+ has_version "<sys-freebsd/freebsd-ubin-10.1" && mymakeopts="${mymakeopts} WITHOUT_VT= "
+ has_version "<sys-freebsd/freebsd-ubin-11.0" && mymakeopts="${mymakeopts} WITHOUT_LOCALES= "
+ has_version "<sys-freebsd/freebsd-lib-9.1-r11" && mymakeopts="${mymakeopts} WITHOUT_ICONV= "
+
+ mymakeopts="${mymakeopts} WITHOUT_SENDMAIL= WITHOUT_CLANG= "
+}
+
+REMOVE_SUBDIRS="mk termcap zoneinfo tabset"
+
+PATCHES=(
+ "${FILESDIR}/${PN}-10.3-gentoo-skel.patch"
+ "${FILESDIR}/${PN}-10.0-gentoo-eapi3.patch"
+ "${FILESDIR}/${PN}-10.2-gnu-miscfiles.patch"
+ "${FILESDIR}/${PN}-SA-1808-tcp-11.patch"
+ "${FILESDIR}/${PN}-SA-1810-ip.patch"
+)
+
+src_prepare() {
+ # Remove make.conf manpage as it describes bsdmk's make.conf.
+ sed -i -e 's:make.conf.5::' "${S}/man/man5/Makefile"
+ # Remove rc.conf manpage as it describes bsd's rc.conf.
+ sed -i -e 's:\brc.conf.5::' "${S}/man/man5/Makefile"
+ sed -i -e 's:\brc.conf.local.5::' "${S}/man/man5/Makefile"
+ # Remove mailer.conf manpage
+ sed -i -e 's:mailer.conf.5::' "${S}/man/man5/Makefile"
+ # Remove pbm and moduli(ssh) manpages
+ sed -i -e 's:pbm.5::' -e 's:moduli.5::' "${S}/man/man5/Makefile"
+ # Remove builtins manpage
+ sed -i -e '/builtins\.1/d' "${S}/man/man1/Makefile"
+ # Remove rc manpages
+ sed -i -e '/rc.8/d' "${S}/man/man8/Makefile"
+ # Remove hv_kvp_daemon.8 manpage. It's provided by freebsd-usbin.
+ sed -i -e '/hv_kvp_daemon.8/d' "${S}/man/man8/Makefile"
+
+ # Don't install the arch-specific directories in subdirectories
+ sed -i -e '/MANSUBDIR/d' "${S}"/man/man4/man4.{i386,sparc64}/Makefile
+
+ # Remove them so that they can't be included by error
+ rm -rf "${S}"/mk/*.mk
+
+ # Make proper symlinks by defining the full target.
+ local sdir
+ for sdir in colldef monetdef msgdef numericdef timedef
+ do
+ sed -e 's:\${enc2}$:\${enc2}/\${FILESNAME}:g' -i \
+ "${S}/${sdir}/Makefile" || \
+ die "Error fixing ${sdir}/Makefile"
+ done
+ if [[ ! -e "${WORKDIR}/sys" ]]; then
+ ln -s "/usr/src/sys" "${WORKDIR}/sys" || die "failed to set sys symlink"
+ fi
+}
+
+src_compile() {
+ export ESED="/usr/bin/sed"
+
+ # libiconv support.
+ if ! has_version "<sys-freebsd/freebsd-lib-9.1-r11" ; then
+ # i18n/csmapper/APPLE requires mkcsmapper_static
+ # i18n/esdb/APPLE requires mkesdb_static
+ for pkg in mkcsmapper_static mkesdb_static
+ do
+ cd "${WORKDIR}"/usr.bin/${pkg} || die
+ freebsd_src_compile
+ done
+ fi
+
+ # This is a groff problem and not a -shared problem.
+ cd "${S}" || die
+ export GROFF_TMAC_PATH="/usr/share/tmac/:/usr/share/groff/1.22.2/tmac/"
+ freebsd_src_compile -j1 || die "emake failed"
+}
+
+src_install() {
+ freebsd_src_install -j1 DOCDIR=/usr/share/doc/${PF}
+} |
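Review bot: The `sed -i` calls on the man Makefiles and the `rm -rf` in `src_prepare` have no `|| die`, and under EAPI 5 a failing external command does not abort the phase, so a missing or moved Makefile goes unnoticed; only the `sed` inside the `for sdir` loop is checked. The patterns are also looser than they read: `'/rc.8/d'` has an unescaped dot and no word boundary, so it deletes every line containing `rc`, any character, then `8`, unlike the `\brc.conf.5` form used a few lines earlier. I would write it as `sed -i -e '/\brc\.8/d' "${S}/man/man8/Makefile" || die` and add `|| die` to the other calls. Separately, nothing in this ebuild's own phases applies `PATCHES`, so the two SA patches only take effect if the inherited `freebsd` eclass applies the array, which is not visible on this page and is worth confirming in a build log.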