svn commit: r386554 - in head/security/openssh-portable: . files
Bryan Drewery
bdrewery at FreeBSD.org
Sat May 16 16:28:40 UTC 2015
Author: bdrewery
Date: Sat May 16 16:28:39 2015
New Revision: 386554
URL: https://svnweb.freebsd.org/changeset/ports/386554
Log:
Avoid a potential read overflow. This was not deemed a security issue by
upstream; it was fixed upstream comprehensively a few weeks ago in
77199d6ec8986d470487e66f8ea8f4cf43d2e20c.
PR: 200241
Patch by: Hanno Böck <hanno at hboeck.de>
Obtained from: http://www.openwall.com/lists/oss-security/2015/05/16/3
Added:
head/security/openssh-portable/files/patch-compat.c (contents, props changed)
Modified:
head/security/openssh-portable/Makefile
Modified: head/security/openssh-portable/Makefile
==============================================================================
--- head/security/openssh-portable/Makefile Sat May 16 16:16:31 2015 (r386553)
+++ head/security/openssh-portable/Makefile Sat May 16 16:28:39 2015 (r386554)
@@ -3,7 +3,7 @@
PORTNAME= openssh
DISTVERSION= 6.8p1
-PORTREVISION= 6
+PORTREVISION= 7
PORTEPOCH= 1
CATEGORIES= security ipv6
MASTER_SITES= OPENBSD/OpenSSH/portable
Added: head/security/openssh-portable/files/patch-compat.c
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/security/openssh-portable/files/patch-compat.c Sat May 16 16:28:39 2015 (r386554)
@@ -0,0 +1,17 @@
+Avoid a heap overflow. Upstream did not deem this a security issue. It appears
+to be mostly harmless too.
+
+http://www.openwall.com/lists/oss-security/2015/05/16/3
+https://anongit.mindrot.org/openssh.git/commit/?id=77199d6ec8986d470487e66f8ea8f4cf43d2e20c
+
+--- compat.c 2015-03-17 06:49:20.000000000 +0100
++++ compat.c 2015-05-03 17:51:32.251293388 +0200
+@@ -229,7 +229,7 @@
+ buffer_init(&b);
+ tmp = orig_prop = xstrdup(proposal);
+ while ((cp = strsep(&tmp, ",")) != NULL) {
+- if (match_pattern_list(cp, filter, strlen(cp), 0) != 1) {
++ if (match_pattern_list(cp, filter, strlen(filter), 0) != 1) {
+ if (buffer_len(&b) > 0)
+ buffer_append(&b, ",", 1);
+ buffer_append(&b, cp, strlen(cp));
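Review bot: The description at the top of the new files/patch-compat.c calls this a "heap overflow", while the commit log calls it a "potential read overflow", and the two should agree. The only changed line swaps the length passed to match_pattern_list() from strlen(cp) to strlen(filter), so that it matches the second argument, filter; nothing in the hunk writes to a buffer, which fits the log's wording rather than the header's. Suggest rewording the header to "Avoid a potential read overflow" and adding a line saying the patch can be dropped once the port is updated to a release that contains upstream commit 77199d6ec8986d470487e66f8ea8f4cf43d2e20c, since the log states upstream fixed this comprehensively there.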