From owner-svn-ports-head@FreeBSD.ORG Sat May 16 16:28:40 2015 Return-Path: Delivered-To: svn-ports-head@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id C214CB01; Sat, 16 May 2015 16:28:40 +0000 (UTC) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:1900:2254:2068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 94FBC17DB; Sat, 16 May 2015 16:28:40 +0000 (UTC) Received: from svn.freebsd.org ([127.0.1.70]) by svn.freebsd.org (8.14.9/8.14.9) with ESMTP id t4GGSeT0060608; Sat, 16 May 2015 16:28:40 GMT (envelope-from bdrewery@FreeBSD.org) Received: (from bdrewery@localhost) by svn.freebsd.org (8.14.9/8.14.9/Submit) id t4GGSewa060606; Sat, 16 May 2015 16:28:40 GMT (envelope-from bdrewery@FreeBSD.org) Message-Id: <201505161628.t4GGSewa060606@svn.freebsd.org> X-Authentication-Warning: svn.freebsd.org: bdrewery set sender to bdrewery@FreeBSD.org using -f From: Bryan Drewery Date: Sat, 16 May 2015 16:28:40 +0000 (UTC) To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: svn commit: r386554 - in head/security/openssh-portable: . files X-SVN-Group: ports-head MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-ports-head@freebsd.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: SVN commit messages for the ports tree for head List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 16 May 2015 16:28:40 -0000 Author: bdrewery Date: Sat May 16 16:28:39 2015 New Revision: 386554 URL: https://svnweb.freebsd.org/changeset/ports/386554 Log: Avoid a potential read overflow. This was not deemed a security issue by upstream; it was fixed upstream comprehensively a few weeks ago in 77199d6ec8986d470487e66f8ea8f4cf43d2e20c. PR: 200241 Patch by: Hanno Böck Obtained from: http://www.openwall.com/lists/oss-security/2015/05/16/3 Added: head/security/openssh-portable/files/patch-compat.c (contents, props changed) Modified: head/security/openssh-portable/Makefile Modified: head/security/openssh-portable/Makefile ============================================================================== --- head/security/openssh-portable/Makefile Sat May 16 16:16:31 2015 (r386553) +++ head/security/openssh-portable/Makefile Sat May 16 16:28:39 2015 (r386554) @@ -3,7 +3,7 @@ PORTNAME= openssh DISTVERSION= 6.8p1 -PORTREVISION= 6 +PORTREVISION= 7 PORTEPOCH= 1 CATEGORIES= security ipv6 MASTER_SITES= OPENBSD/OpenSSH/portable Added: head/security/openssh-portable/files/patch-compat.c ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/security/openssh-portable/files/patch-compat.c Sat May 16 16:28:39 2015 (r386554) @@ -0,0 +1,17 @@ +Avoid a heap overflow. Upstream did not deem this a security issue. It appears +to be mostly harmless too. + +http://www.openwall.com/lists/oss-security/2015/05/16/3 +https://anongit.mindrot.org/openssh.git/commit/?id=77199d6ec8986d470487e66f8ea8f4cf43d2e20c + +--- compat.c 2015-03-17 06:49:20.000000000 +0100 ++++ compat.c 2015-05-03 17:51:32.251293388 +0200 +@@ -229,7 +229,7 @@ + buffer_init(&b); + tmp = orig_prop = xstrdup(proposal); + while ((cp = strsep(&tmp, ",")) != NULL) { +- if (match_pattern_list(cp, filter, strlen(cp), 0) != 1) { ++ if (match_pattern_list(cp, filter, strlen(filter), 0) != 1) { + if (buffer_len(&b) > 0) + buffer_append(&b, ",", 1); + buffer_append(&b, cp, strlen(cp));