Date: Fri, 13 Jan 2017 23:39:48 +0000 (UTC)
From: Bryan Drewery <bdrewery@FreeBSD.org>
To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org
Subject: svn commit: r431445 - in head/security/openssh-portable: . files
Message-ID: <201701132339.v0DNdmtY030524@repo.freebsd.org>
Author: bdrewery Date: Fri Jan 13 23:39:48 2017 New Revision: 431445 URL: https://svnweb.freebsd.org/changeset/ports/431445 Log: Add forgotten patch in r431438 for CVE-2016-10009 and CVE-2016-10010. Security: 2c948527-d823-11e6-9171-14dae9d210b8 Submitted by: Tim Zingelman <zingelman@gmail.com> MFH: 2017Q1 Added: head/security/openssh-portable/files/patch-serverloop.c (contents, props changed) Modified: head/security/openssh-portable/Makefile Modified: head/security/openssh-portable/Makefile ============================================================================== --- head/security/openssh-portable/Makefile Fri Jan 13 23:38:46 2017 (r431444) +++ head/security/openssh-portable/Makefile Fri Jan 13 23:39:48 2017 (r431445) @@ -3,7 +3,7 @@ PORTNAME= openssh DISTVERSION= 7.3p1 -PORTREVISION= 3 +PORTREVISION= 4 PORTEPOCH= 1 CATEGORIES= security ipv6 MASTER_SITES= OPENBSD/OpenSSH/portable Added: head/security/openssh-portable/files/patch-serverloop.c ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/security/openssh-portable/files/patch-serverloop.c Fri Jan 13 23:39:48 2017 (r431445) @@ -0,0 +1,23 @@ +Fix CVE-2016-10010 + + +--- serverloop.c.orig 2016-07-27 17:54:27.000000000 -0500 ++++ serverloop.c 2017-01-11 18:44:42.881227000 -0600 +@@ -999,7 +999,7 @@ + + /* XXX fine grained permissions */ + if ((options.allow_streamlocal_forwarding & FORWARD_LOCAL) != 0 && +- !no_port_forwarding_flag) { ++ !no_port_forwarding_flag && use_privsep) { + c = channel_connect_to_path(target, + "direct-streamlocal@openssh.com", "direct-streamlocal"); + } else { +@@ -1280,7 +1280,7 @@ + + /* check permissions */ + if ((options.allow_streamlocal_forwarding & FORWARD_REMOTE) == 0 +- || no_port_forwarding_flag) { ++ || no_port_forwarding_flag || !use_privsep) { + success = 0; + packet_send_debug("Server has disabled port forwarding."); + } else {
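Review bot: The header of the new files/patch-serverloop.c names only one CVE ("Fix CVE-2016-10010"), while the log says this commit adds the forgotten patch for CVE-2016-10009 and CVE-2016-10010. If the CVE-2016-10009 change is carried by another file from r431438, say so in the log or in the patch header. As it stands, someone auditing the port cannot tell from this commit which of the two CVEs the use_privsep checks address.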
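Review bot: In the @@ -999 hunk of serverloop.c the new "&& use_privsep" term has no explanation; the only comment above the condition is the unchanged "/* XXX fine grained permissions */". Add a short comment stating why direct-streamlocal forwarding now requires privilege separation, with the CVE number from the patch header. When use_privsep is false the request now falls through to the else branch, whose body is outside the shown context, so check that this branch gives a refusal an administrator can trace to the privsep setting.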
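Review bot: In the @@ -1280 hunk the added "|| !use_privsep" case is reported through the existing packet_send_debug("Server has disabled port forwarding."), which misleads when allow_streamlocal_forwarding permits FORWARD_REMOTE and the refusal comes only from privilege separation being off. Give that case its own debug text, or a server-side log line, so a refused streamlocal forward can be traced to the right setting.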