From owner-svn-ports-all@freebsd.org  Sat Oct 29 15:14:12 2016
Return-Path: <owner-svn-ports-all@freebsd.org>
Delivered-To: svn-ports-all@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 1445BC2533F;
 Sat, 29 Oct 2016 15:14:12 +0000 (UTC)
 (envelope-from feld@FreeBSD.org)
Received: from repo.freebsd.org (repo.freebsd.org
 [IPv6:2610:1c1:1:6068::e6a:0])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id BDF258B8;
 Sat, 29 Oct 2016 15:14:11 +0000 (UTC)
 (envelope-from feld@FreeBSD.org)
Received: from repo.freebsd.org ([127.0.1.37])
 by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id u9TFEASA047549;
 Sat, 29 Oct 2016 15:14:10 GMT (envelope-from feld@FreeBSD.org)
Received: (from feld@localhost)
 by repo.freebsd.org (8.15.2/8.15.2/Submit) id u9TFEANu047547;
 Sat, 29 Oct 2016 15:14:10 GMT (envelope-from feld@FreeBSD.org)
Message-Id: <201610291514.u9TFEANu047547@repo.freebsd.org>
X-Authentication-Warning: repo.freebsd.org: feld set sender to
 feld@FreeBSD.org using -f
From: Mark Felder <feld@FreeBSD.org>
Date: Sat, 29 Oct 2016 15:14:10 +0000 (UTC)
To: ports-committers@freebsd.org, svn-ports-all@freebsd.org,
 svn-ports-branches@freebsd.org
Subject: svn commit: r424915 - in branches/2016Q4/security/openssh-portable: .
 files
X-SVN-Group: ports-branches
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
X-BeenThere: svn-ports-all@freebsd.org
X-Mailman-Version: 2.1.23
Precedence: list
List-Id: SVN commit messages for the ports tree <svn-ports-all.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/svn-ports-all>,
 <mailto:svn-ports-all-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/svn-ports-all/>
List-Post: <mailto:svn-ports-all@freebsd.org>
List-Help: <mailto:svn-ports-all-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/svn-ports-all>,
 <mailto:svn-ports-all-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sat, 29 Oct 2016 15:14:12 -0000

Author: feld
Date: Sat Oct 29 15:14:10 2016
New Revision: 424915
URL: https://svnweb.freebsd.org/changeset/ports/424915

Log:
  MFH: r424592
  
  Bring in upstream commit ec165c392ca54317dbe3064a8c200de6531e89ad:
    Unregister the KEXINIT handler after message has been
    received. Otherwise an unauthenticated peer can repeat the KEXINIT and cause
    allocation of up to 128MB -- until the connection is closed. Reported by
    shilei-c at 360.cn
  
  Security:	CVE-2016-8858
  
  Approved by:	ports-secteam (with hat)

Added:
  branches/2016Q4/security/openssh-portable/files/patch-kex.c
     - copied unchanged from r424592, head/security/openssh-portable/files/patch-kex.c
Modified:
  branches/2016Q4/security/openssh-portable/Makefile
Directory Properties:
  branches/2016Q4/   (props changed)

Modified: branches/2016Q4/security/openssh-portable/Makefile
==============================================================================
--- branches/2016Q4/security/openssh-portable/Makefile	Sat Oct 29 15:01:59 2016	(r424914)
+++ branches/2016Q4/security/openssh-portable/Makefile	Sat Oct 29 15:14:10 2016	(r424915)
@@ -3,7 +3,7 @@
 
 PORTNAME=	openssh
 DISTVERSION=	7.3p1
-PORTREVISION=	0
+PORTREVISION=	1
 PORTEPOCH=	1
 CATEGORIES=	security ipv6
 MASTER_SITES=	OPENBSD/OpenSSH/portable

Copied: branches/2016Q4/security/openssh-portable/files/patch-kex.c (from r424592, head/security/openssh-portable/files/patch-kex.c)
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ branches/2016Q4/security/openssh-portable/files/patch-kex.c	Sat Oct 29 15:14:10 2016	(r424915, copy of r424592, head/security/openssh-portable/files/patch-kex.c)
@@ -0,0 +1,33 @@
+From ec165c392ca54317dbe3064a8c200de6531e89ad Mon Sep 17 00:00:00 2001
+From: "markus@openbsd.org" <markus@openbsd.org>
+Date: Mon, 10 Oct 2016 19:28:48 +0000
+Subject: [PATCH] upstream commit
+
+Unregister the KEXINIT handler after message has been
+received. Otherwise an unauthenticated peer can repeat the KEXINIT and cause
+allocation of up to 128MB -- until the connection is closed. Reported by
+shilei-c at 360.cn
+
+Upstream-ID: 43649ae12a27ef94290db16d1a98294588b75c05
+---
+ kex.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git kex.c kex.c
+index 3f97f8c..6a94bc5 100644
+--- kex.c
++++ kex.c
+@@ -1,4 +1,4 @@
+-/* $OpenBSD: kex.c,v 1.126 2016/09/28 21:44:52 djm Exp $ */
++/* $OpenBSD: kex.c,v 1.127 2016/10/10 19:28:48 markus Exp $ */
+ /*
+  * Copyright (c) 2000, 2001 Markus Friedl.  All rights reserved.
+  *
+@@ -481,6 +481,7 @@ kex_input_kexinit(int type, u_int32_t seq, void *ctxt)
+ 	if (kex == NULL)
+ 		return SSH_ERR_INVALID_ARGUMENT;
+ 
++	ssh_dispatch_set(ssh, SSH2_MSG_KEXINIT, NULL);
+ 	ptr = sshpkt_ptr(ssh, &dlen);
+ 	if ((r = sshbuf_put(kex->peer, ptr, dlen)) != 0)
+ 		return r;