From nobody@FreeBSD.org  Thu Aug 20 04:01:19 2009
Return-Path: <nobody@FreeBSD.org>
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 52F1A1065690
	for <freebsd-gnats-submit@FreeBSD.org>; Thu, 20 Aug 2009 04:01:19 +0000 (UTC)
	(envelope-from nobody@FreeBSD.org)
Received: from www.freebsd.org (www.freebsd.org [IPv6:2001:4f8:fff6::21])
	by mx1.freebsd.org (Postfix) with ESMTP id 4488E8FC62
	for <freebsd-gnats-submit@FreeBSD.org>; Thu, 20 Aug 2009 04:01:19 +0000 (UTC)
Received: from www.freebsd.org (localhost [127.0.0.1])
	by www.freebsd.org (8.14.3/8.14.3) with ESMTP id n7K41JTu038850
	for <freebsd-gnats-submit@FreeBSD.org>; Thu, 20 Aug 2009 04:01:19 GMT
	(envelope-from nobody@www.freebsd.org)
Received: (from nobody@localhost)
	by www.freebsd.org (8.14.3/8.14.3/Submit) id n7K41IlD038849;
	Thu, 20 Aug 2009 04:01:18 GMT
	(envelope-from nobody)
Message-Id: <200908200401.n7K41IlD038849@www.freebsd.org>
Date: Thu, 20 Aug 2009 04:01:18 GMT
From: Jonathan Chen <jon@FreeBSD.org>
To: freebsd-gnats-submit@FreeBSD.org
Subject: security/openssh-portable: [PATCH] sftp crashes on directory listing
X-Send-Pr-Version: www-3.1
X-GNATS-Notify: dindin@dindin.ru

>Number:         137985
>Category:       ports
>Synopsis:       security/openssh-portable: [PATCH] sftp crashes on directory listing
>Confidential:   no
>Severity:       serious
>Priority:       low
>Responsible:    jon
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Thu Aug 20 04:10:03 UTC 2009
>Closed-Date:    Fri Sep 18 14:07:03 UTC 2009
>Last-Modified:  Fri Sep 18 14:07:03 UTC 2009
>Originator:     Jonathan Chen
>Release:        8.0-BETA2 amd64
>Organization:
>Environment:
FreeBSD builder 8.0-BETA2 FreeBSD 8.0-BETA2 #0: Fri Aug 14 19:03:00 EDT 2009     jon@builder:/usr/obj/usr/src/sys/DFLT  amd64
>Description:
On FreeBSD, openbsd-compat's glob is supposed to be used instead of the system glob, due to BROKEN_GLOB being set in configure. However, includes.h pulls in the system glob.h nonetheless, resulting in divergent glob_t definitions within openssh.

This manifests as sftp throwing a SIGBUS when a directory listing is requested.


NB: contrary to the claim in the Makefile, openssh-portable seems to compile just fine on OSVERSION==800104 (once you remove the BROKEN= line)

>How-To-Repeat:
cd /usr/ports/security/openssh-portable
make
work/openssh-5.2p1/sftp localhost
[login]
ls
*SIGBUS*
>Fix:
drop the following patch into files/patch-blah

--- includes.h~ 2009-08-19 23:32:26.000000000 -0400
+++ includes.h  2009-08-19 23:32:53.000000000 -0400
@@ -31,7 +31,8 @@
 #endif
 #if defined(HAVE_GLOB_H) && defined(GLOB_HAS_ALTDIRFUNC) && \
     defined(GLOB_HAS_GL_MATCHC) && \
-    defined(HAVE_DECL_GLOB_NOMATCH) &&  HAVE_DECL_GLOB_NOMATCH != 0
+    defined(HAVE_DECL_GLOB_NOMATCH) &&  HAVE_DECL_GLOB_NOMATCH != 0 &&\
+    !defined(BROKEN_GLOB)
 # include <glob.h>
 #endif
 #ifdef HAVE_ENDIAN_H
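
Review bot: the added `!defined(BROKEN_GLOB)` term only suppresses `# include <glob.h>` if BROKEN_GLOB is already defined when the preprocessor reaches this `#if`, and nothing in the visible context shows where that definition comes from, so please confirm the configure-generated header is included above this block in includes.h. A one-line comment next to the new term saying that the system header is skipped because the replacement glob is in use would make the guard self-explanatory. Style nit: the changed line ends in `&&\` with no space before the backslash, while the continuation two lines up uses `&& \`; match the existing spacing.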


>Release-Note:
>Audit-Trail:
Responsible-Changed-From-To: freebsd-ports-bugs->jon 
Responsible-Changed-By: edwin 
Responsible-Changed-When: Thu Aug 20 04:10:14 UTC 2009 
Responsible-Changed-Why:  
Submitter has GNATS access (via the GNATS Auto Assign Tool) 

http://www.freebsd.org/cgi/query-pr.cgi?pr=137985 
State-Changed-From-To: open->feedback 
State-Changed-By: edwin 
State-Changed-When: Thu Aug 20 04:10:18 UTC 2009 
State-Changed-Why:  
Awaiting maintainers feedback (via the GNATS Auto Assign Tool) 

http://www.freebsd.org/cgi/query-pr.cgi?pr=137985 

From: Edwin Groothuis <edwin@FreeBSD.org>
To: dindin@dindin.ru
Cc: bug-followup@FreeBSD.org
Subject: Re: ports/137985: security/openssh-portable: [PATCH] sftp crashes on directory listing
Date: Thu, 20 Aug 2009 04:10:16 UT

 Maintainer of security/openssh-portable,
 
 Please note that PR ports/137985 has just been submitted.
 
 If it contains a patch for an upgrade, an enhancement or a bug fix
 you agree on, reply to this email stating that you approve the patch
 and a committer will take care of it.
 
 The full text of the PR can be found at:
     http://www.freebsd.org/cgi/query-pr.cgi?pr=ports/137985
 
 -- 
 Edwin Groothuis via the GNATS Auto Assign Tool
 edwin@FreeBSD.org
State-Changed-From-To: feedback->closed 
State-Changed-By: pav 
State-Changed-When: Fri Sep 18 14:05:02 UTC 2009 
State-Changed-Why:  
Committed 

http://www.freebsd.org/cgi/query-pr.cgi?pr=137985 
>Unformatted:
