From 9bdd2f8fbe0abe40cf5a2646562ef300b1208b9b Mon Sep 17 00:00:00 2001
From: marius
Date: Sat, 4 Mar 2006 17:36:07 +0000
Subject: Add a patch which fixes a format string vulnerability in the SFTP server.

Submitted by: Jarkko Santala
Approved by: portmgr (erwin)
Security: http://vuxml.freebsd.org/594ad3c5-a39b-11da-926c-0800209adf0e.html
---
 security/ssh2/Makefile | 2 +-
 .../files/patch-lib::sshfilexfer::sshfilexfers.c | 21 +++++++++++++++++++++
 2 files changed, 22 insertions(+), 1 deletion(-)
 create mode 100644 security/ssh2/files/patch-lib::sshfilexfer::sshfilexfers.c

(limited to 'security/ssh2')

diff --git a/security/ssh2/Makefile b/security/ssh2/Makefile
index e4a27d82f7a5..ba2483ccee49 100644
--- a/security/ssh2/Makefile
+++ b/security/ssh2/Makefile
@@ -7,7 +7,7 @@
 
 PORTNAME= ssh2
 PORTVERSION= 3.2.9.1
-PORTREVISION= 4
+PORTREVISION= 5
 CATEGORIES= security ipv6
 # The list of official mirror sites is at:
 # http://www.ssh.com/support/downloads/secureshellserver/non-commercial.html
diff --git a/security/ssh2/files/patch-lib::sshfilexfer::sshfilexfers.c b/security/ssh2/files/patch-lib::sshfilexfer::sshfilexfers.c
new file mode 100644
index 000000000000..cb6133c7bebf
--- /dev/null
+++ b/security/ssh2/files/patch-lib::sshfilexfer::sshfilexfers.c
@@ -0,0 +1,21 @@
+--- lib/sshfilexfer/sshfilexfers.c.orig 2003-12-03 15:17:22.000000000 +0200
++++ lib/sshfilexfer/sshfilexfers.c 2006-02-22 10:44:25.000000000 +0200
+@@ -5,7 +5,7 @@
+ Authors: Tatu Ylonen
+ Sami Lehtinen
+
+- Copyright (c) 1998-2001 SSH Communications Security Corp, Finland
++ Copyright (c) 1998-2001, 2006 SSH Communications Security Corp, Finland
+ All rights reserved
+
+ Generic file transfer module, server side.
+@@ -115,7 +115,8 @@
+ if (server->log_facility >= 0) \
+ { \
+ char *msg = ssh_debug_format varcall; \
+- ssh_log_event(det_fac(category, server->log_facility), severity, msg); \
++ ssh_log_event(det_fac(category, server->log_facility), severity, \
++ "%s", msg); \
+ ssh_xfree(msg); \
+ } \
+ } while (0)
-- cgit
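Review bot: The `"%s", msg` fix in the inner hunk `@@ -115,7 +115,8 @@` covers only this one logging macro, and nothing visible here shows whether other call sites hand an already-formatted string to `ssh_log_event` as its format argument. It would be worth checking the rest of sshfilexfers.c and the other server sources for the same `ssh_log_event(..., msg)` pattern before treating the advisory as closed. The macro starts and ends outside the hunk, so its name and what `varcall` expands to cannot be confirmed from this patch. Separately, the inner hunk `@@ -5,7 +5,7 @@` only edits the upstream copyright line; dropping it would keep the port patch limited to the security fix and make it less likely to fail to apply.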