PR:

Submitted by:
Reviewed by:
Approved by:
Obtained from:
MFC after:
Add a patch to fix a u_int_16 overflow after new merged gcc.

Submitted by:		Pyun YongHyeon <yongari@kt-is.co.kr>
Reviewed by:		maintainer
tested ok by:		all current platforms

2 files changed, 20 insertions, 1 deletions

diff --git a/security/pf/Makefile b/security/pf/Makefile
index cbe8f9623a67..9aba498e9c1f 100644
--- a/security/pf/Makefile
+++ b/security/pf/Makefile
@@ -7,7 +7,7 @@
 
 PORTNAME=	pf_freebsd
 PORTVERSION=	1.0
-PORTREVISION=	5
+PORTREVISION=	6
 CATEGORIES=	security ipv6
 MASTER_SITES=	http://pf4freebsd.love2party.net/
 .if defined(WITH_ALTQ) && (${WITH_ALTQ} == "yes")
diff --git a/security/pf/files/patch-af b/security/pf/files/patch-af
new file mode 100644
index 000000000000..9ae4ad0066b7
--- /dev/null
+++ b/security/pf/files/patch-af
@@ -0,0 +1,19 @@
+--- pf/pf_norm.c	3 Jul 2003 02:40:10 -0000	1.2.16.1
++++ pf/pf_norm.c	14 Jul 2003 07:11:17 -0000	1.2.16.2
+@@ -1050,12 +1050,12 @@
+ 		goto bad;
+ 	}
+ 
+-	max = fragoff + ip_len;
+ 	/* Respect maximum length */
+-	if (max > IP_MAXPACKET) {
+-		DPFPRINTF(("max packet %d\n", max));
++	if (fragoff + ip_len > IP_MAXPACKET) {
++		DPFPRINTF(("max packet %d\n", fragoff + ip_len));
+ 		goto bad;
+ 	}
++	max = fragoff + ip_len;
+ 
+ 	if ((r->rule_flag & (PFRULE_FRAGCROP|PFRULE_FRAGDROP)) == 0) {
+ 		/* Fully buffer all of the fragments */
+