From owner-svn-ports-head@FreeBSD.ORG Tue Oct 28 22:56:28 2014 Return-Path: Delivered-To: svn-ports-head@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id E4268507; Tue, 28 Oct 2014 22:56:28 +0000 (UTC) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:1900:2254:2068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id B15603A7; Tue, 28 Oct 2014 22:56:28 +0000 (UTC) Received: from svn.freebsd.org ([127.0.1.70]) by svn.freebsd.org (8.14.9/8.14.9) with ESMTP id s9SMuSuF027489; Tue, 28 Oct 2014 22:56:28 GMT (envelope-from alonso@FreeBSD.org) Received: (from alonso@localhost) by svn.freebsd.org (8.14.9/8.14.9/Submit) id s9SMuSxR027487; Tue, 28 Oct 2014 22:56:28 GMT (envelope-from alonso@FreeBSD.org) Message-Id: <201410282256.s9SMuSxR027487@svn.freebsd.org> X-Authentication-Warning: svn.freebsd.org: alonso set sender to alonso@FreeBSD.org using -f From: Alonso Schaich Date: Tue, 28 Oct 2014 22:56:28 +0000 (UTC) To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: svn commit: r371656 - in head/x11/kde4-runtime: . files X-SVN-Group: ports-head MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-ports-head@freebsd.org X-Mailman-Version: 2.1.18-1 Precedence: list List-Id: SVN commit messages for the ports tree for head List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 28 Oct 2014 22:56:29 -0000 Author: alonso Date: Tue Oct 28 22:56:27 2014 New Revision: 371656 URL: https://svnweb.freebsd.org/changeset/ports/371656 QAT: https://qat.redports.org/buildarchive/r371656/ Log: Fix an OOB memory read in kio_sftp When passing timeout values to ssh_option_set of security/libssh, an int type pointer is used instead of a long int one required by the ssh_option_set documentation, which causes platform specific (or undefined) behaviour on architectures where sizeof (long int) is different to sizeof (int). Fix this by "promoting" the referenced locals to long integer type. This commit merges r10452 of area51 and is based on a report by Dwayne MacKinnon via kde@ mailing list. References: https://mail.kde.org/pipermail/kde-freebsd/2014-October/018330.html https://bugs.kde.org/show_bug.cgi?id=331674 Approved by: rakuco (mentor) Added: head/x11/kde4-runtime/files/patch-kioslave__sftp__kio_sftp.cpp (contents, props changed) Modified: head/x11/kde4-runtime/Makefile Modified: head/x11/kde4-runtime/Makefile ============================================================================== --- head/x11/kde4-runtime/Makefile Tue Oct 28 22:55:13 2014 (r371655) +++ head/x11/kde4-runtime/Makefile Tue Oct 28 22:56:27 2014 (r371656) @@ -2,6 +2,7 @@ PORTNAME= kde-runtime PORTVERSION= ${KDE4_VERSION} +PORTREVISION= 1 CATEGORIES= x11 kde MASTER_SITES= KDE/${KDE4_BRANCH}/${PORTVERSION}/src DIST_SUBDIR= KDE/${PORTVERSION} Added: head/x11/kde4-runtime/files/patch-kioslave__sftp__kio_sftp.cpp ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/x11/kde4-runtime/files/patch-kioslave__sftp__kio_sftp.cpp Tue Oct 28 22:56:27 2014 (r371656) @@ -0,0 +1,11 @@ +--- kioslave/sftp/kio_sftp.cpp.orig 2014-10-27 22:00:05.195340477 +0100 ++++ kioslave/sftp/kio_sftp.cpp 2014-10-27 22:00:14.755340379 +0100 +@@ -528,7 +528,7 @@ + return false; + } + +- int timeout_sec = 30, timeout_usec = 0; ++ long int timeout_sec = 30, timeout_usec = 0; + + kDebug(KIO_SFTP_DB) << "Creating the SSH session and setting options"; +