Date: Mon, 27 Jul 2015 18:49:07 +0000 (UTC) From: Bryan Drewery <bdrewery@FreeBSD.org> To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-branches@freebsd.org Subject: svn commit: r393005 - in branches/2015Q3/security/openssh-portable: . files Message-ID: <201507271849.t6RIn7qr009699@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: bdrewery Date: Mon Jul 27 18:49:07 2015 New Revision: 393005 URL: https://svnweb.freebsd.org/changeset/ports/393005 Log: MFH: r393004 Add upstream fix to address CVE-2015-5600 for MaxAuthTries bypass. Security: 5b74a5bc-348f-11e5-ba05-c80aa9043978 Added: branches/2015Q3/security/openssh-portable/files/patch-auth2-chall.c - copied unchanged from r393004, head/security/openssh-portable/files/patch-auth2-chall.c Modified: branches/2015Q3/security/openssh-portable/Makefile Directory Properties: branches/2015Q3/ (props changed) Modified: branches/2015Q3/security/openssh-portable/Makefile ============================================================================== --- branches/2015Q3/security/openssh-portable/Makefile Mon Jul 27 18:47:55 2015 (r393004) +++ branches/2015Q3/security/openssh-portable/Makefile Mon Jul 27 18:49:07 2015 (r393005) @@ -3,7 +3,7 @@ PORTNAME= openssh DISTVERSION= 6.8p1 -PORTREVISION= 8 +PORTREVISION= 9 PORTEPOCH= 1 CATEGORIES= security ipv6 MASTER_SITES= OPENBSD/OpenSSH/portable Copied: branches/2015Q3/security/openssh-portable/files/patch-auth2-chall.c (from r393004, head/security/openssh-portable/files/patch-auth2-chall.c) ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ branches/2015Q3/security/openssh-portable/files/patch-auth2-chall.c Mon Jul 27 18:49:07 2015 (r393005, copy of r393004, head/security/openssh-portable/files/patch-auth2-chall.c) @@ -0,0 +1,52 @@ +From 5b64f85bb811246c59ebab70aed331f26ba37b18 Mon Sep 17 00:00:00 2001 +From: "djm@openbsd.org" <djm@openbsd.org> +Date: Sat, 18 Jul 2015 07:57:14 +0000 +Subject: upstream commit + +only query each keyboard-interactive device once per + authentication request regardless of how many times it is listed; ok markus@ + +Upstream-ID: d73fafba6e86030436ff673656ec1f33d9ffeda1 +--- + auth2-chall.c | 11 ++++++++--- + 1 file changed, 8 insertions(+), 3 deletions(-) + +diff --git a/auth2-chall.c b/auth2-chall.c +index ddabe1a..4aff09d 100644 +--- auth2-chall.c ++++ auth2-chall.c +@@ -1,4 +1,4 @@ +-/* $OpenBSD: auth2-chall.c,v 1.42 2015/01/19 20:07:45 markus Exp $ */ ++/* $OpenBSD: auth2-chall.c,v 1.43 2015/07/18 07:57:14 djm Exp $ */ + /* + * Copyright (c) 2001 Markus Friedl. All rights reserved. + * Copyright (c) 2001 Per Allansson. All rights reserved. +@@ -83,6 +83,7 @@ struct KbdintAuthctxt + void *ctxt; + KbdintDevice *device; + u_int nreq; ++ u_int devices_done; + }; + + #ifdef USE_PAM +@@ -169,11 +170,15 @@ kbdint_next_device(Authctxt *authctxt, KbdintAuthctxt *kbdintctxt) + if (len == 0) + break; + for (i = 0; devices[i]; i++) { +- if (!auth2_method_allowed(authctxt, ++ if ((kbdintctxt->devices_done & (1 << i)) != 0 || ++ !auth2_method_allowed(authctxt, + "keyboard-interactive", devices[i]->name)) + continue; +- if (strncmp(kbdintctxt->devices, devices[i]->name, len) == 0) ++ if (strncmp(kbdintctxt->devices, devices[i]->name, ++ len) == 0) { + kbdintctxt->device = devices[i]; ++ kbdintctxt->devices_done |= 1 << i; ++ } + } + t = kbdintctxt->devices; + kbdintctxt->devices = t[len] ? xstrdup(t+len+1) : NULL; +-- +cgit v0.11.2 +
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201507271849.t6RIn7qr009699>