svn commit: r431445 - in head/security/openssh-portable: . files

Bryan Drewery bdrewery at FreeBSD.org
Fri Jan 13 23:39:49 UTC 2017 

Author: bdrewery
Date: Fri Jan 13 23:39:48 2017
New Revision: 431445
URL: https://svnweb.freebsd.org/changeset/ports/431445

Log:
  Add forgotten patch in r431438 for CVE-2016-10009 and CVE-2016-10010.
  
  Security:	2c948527-d823-11e6-9171-14dae9d210b8
  Submitted by:	Tim Zingelman <zingelman at gmail.com>
  MFH:		2017Q1

Added:
  head/security/openssh-portable/files/patch-serverloop.c   (contents, props changed)
Modified:
  head/security/openssh-portable/Makefile

Modified: head/security/openssh-portable/Makefile
==============================================================================
--- head/security/openssh-portable/Makefile	Fri Jan 13 23:38:46 2017	(r431444)
+++ head/security/openssh-portable/Makefile	Fri Jan 13 23:39:48 2017	(r431445)
@@ -3,7 +3,7 @@
 
 PORTNAME=	openssh
 DISTVERSION=	7.3p1
-PORTREVISION=	3
+PORTREVISION=	4
 PORTEPOCH=	1
 CATEGORIES=	security ipv6
 MASTER_SITES=	OPENBSD/OpenSSH/portable

Added: head/security/openssh-portable/files/patch-serverloop.c
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/security/openssh-portable/files/patch-serverloop.c	Fri Jan 13 23:39:48 2017	(r431445)
@@ -0,0 +1,23 @@
+Fix CVE-2016-10010
+
+
+--- serverloop.c.orig	2016-07-27 17:54:27.000000000 -0500
++++ serverloop.c	2017-01-11 18:44:42.881227000 -0600
+@@ -999,7 +999,7 @@
+ 
+ 	/* XXX fine grained permissions */
+ 	if ((options.allow_streamlocal_forwarding & FORWARD_LOCAL) != 0 &&
+-	    !no_port_forwarding_flag) {
++	    !no_port_forwarding_flag && use_privsep) {
+ 		c = channel_connect_to_path(target,
+ 		    "direct-streamlocal at openssh.com", "direct-streamlocal");
+ 	} else {
+@@ -1280,7 +1280,7 @@
+ 
+ 		/* check permissions */
+ 		if ((options.allow_streamlocal_forwarding & FORWARD_REMOTE) == 0
+-		    || no_port_forwarding_flag) {
++		    || no_port_forwarding_flag || !use_privsep) {
+ 			success = 0;
+ 			packet_send_debug("Server has disabled port forwarding.");
+ 		} else {

More information about the svn-ports-head mailing list