From owner-freebsd-security Fri Feb 9 13:26:25 2001
Date: Fri, 9 Feb 2001 13:26:04 -0800
From: Alfred Perlstein <bright@wintelcom.net>
To: Matt Dillon <dillon@earth.backplane.com>
Cc: green@FreeBSD.ORG, security@FreeBSD.ORG
Subject: Re: OpenSSH port patch
Message-ID: <20010209132604.O26076@fw.wintelcom.net>
References: <20010209110044.I26076@fw.wintelcom.net> <200102092122.f19LMBh08953@earth.backplane.com>
In-Reply-To: <200102092122.f19LMBh08953@earth.backplane.com>; from dillon@earth.backplane.com on Fri, Feb 09, 2001 at 01:22:11PM -0800
Sender: owner-freebsd-security@FreeBSD.ORG

* Matt Dillon [010209 13:22] wrote:
> I think it's a whole lot better than simply marking the package
> forbidden! I was actually surprised that the package was marked
> forbidden, when the fix is only a few minutes of work.

I've been hopping around on IRC frothing at the mouth about getting
this patch in, but no one has signed off on it, and since I've got
little port-fu I'm nervous about making a bad situation worse.

>
> -Matt
>
> :Please trim CC!
> :
> :This removes the 'forbidden' and adds a patch to correct the
> :hash overflow as suggested by the Bindview audit.
> :
> :I'm cc'ing Brian Feldman (green) because he's maintainer, -ports
> :because I'm not really good at ports and -security so that people
> :can look this over.
> :
> :May I apply this patch?
> :
> :Index: Makefile
> :===================================================================
> :RCS file: /home/ncvs/ports/security/openssh/Makefile,v
> :retrieving revision 1.57
> :diff -u -u -r1.57 Makefile
> :--- Makefile 2001/02/09 04:58:24 1.57
> :+++ Makefile 2001/02/09 18:53:06
> :@@ -20,8 +20,6 @@
> : 
> : .include
> : 
> :-FORBIDDEN= "Remote vulnerabilities"
> :-
> : CRYPTOLIBS= -L${OPENSSLLIB} -lcrypto
> : # Here, MANDIR is concetenated to DESTDIR which all forms the man install dir...
> : MAKE_ENV+= DESTDIR=${PREFIX} MANDIR=/man/man CRYPTOLIBS="${CRYPTOLIBS}"
> :Index: files/patch-az
> :===================================================================
> :RCS file: patch-az
> :diff -N patch-az
> :--- /dev/null Fri Feb 9 10:59:20 2001
> :+++ patch-az Fri Feb 9 10:58:58 2001
> :@@ -0,0 +1,11 @@
> :+--- /home/bright/ssh/ssh/deattack.c Fri Aug 18 19:17:12 2000
> :++++ deattack.c Fri Feb 9 10:58:54 2001
> :+@@ -84,7 +84,7 @@
> :+ detect_attack(unsigned char *buf, u_int32_t len, unsigned char *IV)
> :+ {
> :+ 	static u_int16_t *h = (u_int16_t *) NULL;
> :+-	static u_int16_t n = HASH_MINSIZE / HASH_ENTRYSIZE;
> :++	static u_int32_t n = HASH_MINSIZE / HASH_ENTRYSIZE;
> :+ 	register u_int32_t i, j;
> :+ 	u_int32_t l;
> :+ 	register unsigned char *c;
> : 
> :-- 
> :-Alfred Perlstein - [bright@wintelcom.net|alfred@freebsd.org]
> :"I have the heart of a child; I keep it in a jar on my desk."
>
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message

-- 
-Alfred Perlstein - [bright@wintelcom.net|alfred@freebsd.org]
"I have the heart of a child; I keep it in a jar on my desk."
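Review bot: the Makefile hunk only drops the `FORBIDDEN= "Remote vulnerabilities"` line, so once the new patch file is added nothing in the port distinguishes a package built from this tree from one built before the fix; consider a PORTREVISION bump in the same commit so package tools can tell the two apart, and make sure the Makefile change and `files/patch-az` land together, since removing FORBIDDEN without the patch re-enables a build of the unfixed sources. The context line `# Here, MANDIR is concetenated to DESTDIR ...` carries a typo, but it is unchanged context and belongs in a separate cleanup.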
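Review bot: widening `n` from `u_int16_t` to `u_int32_t` removes the silent narrowing when the 32-bit `l` (declared three lines below as `u_int32_t l;`) is stored into it, but this hunk shows only the declaration; before sign-off, confirm that every other use of `n` in `detect_attack` (the table size handed to the allocator and anything derived from it, none of which appear in these eleven lines) is also computed in 32 bits, otherwise the same truncation can recur elsewhere. Style point on the embedded patch header: `+--- /home/bright/ssh/ssh/deattack.c` bakes a developer's home directory into the port; the usual form for a ports patch is a relative `deattack.c.orig` path, which also keeps `patch -p0` behaviour obvious.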
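To make the defect behind the one-line type change concrete, here is an added example that is not part of this thread and not the OpenSSH port's code. It models only the table-sizing step: a required entry count is computed in 32 bits and then stored in a table-size counter. The constants `HASH_MINSIZE`, `HASH_ENTRYSIZE`, `HASH_FACTOR` and `SSH_BLOCKSIZE`, and the grow-by-four loop, are assumptions chosen to mirror the names in the hunk; the point they illustrate (a 16-bit counter keeps only the low 16 bits of a 32-bit size, so a large input can leave the counter at 0 while the rest of the code still believes the table is large) does not depend on the exact values.

```c
#include <stdint.h>
#include <stdio.h>
#include <stddef.h>

/* Assumed constants: names follow the hunk, values are this example's own. */
#define HASH_MINSIZE    (8 * 1024)
#define HASH_ENTRYSIZE  2
#define HASH_FACTOR(x)  ((x) * 3 / 2)
#define SSH_BLOCKSIZE   8

/* Entries the table needs for a buffer of `len` bytes: start at the minimum
 * table and grow by 4x until it exceeds HASH_FACTOR of the block count.
 * Computed in 32 bits, as the `u_int32_t l` in the patched function is.
 * (Assumed sizing rule, not the real detector's code.) */
uint32_t needed_entries(uint32_t len)
{
    uint32_t l = HASH_MINSIZE / HASH_ENTRYSIZE;   /* 4096 with the assumed sizes */
    while (l < HASH_FACTOR(len / SSH_BLOCKSIZE))
        l <<= 2;                                  /* never exceeds 2^30 for any 32-bit len */
    return l;
}

/* What the pre-patch `static u_int16_t n` retains after `n = l`:
 * the high bits are discarded without any diagnostic. */
uint16_t narrowed_to_u16(uint32_t entries)
{
    return (uint16_t)entries;
}

/* 1 when a 16-bit counter still equals the size actually required,
 * 0 when the store lost bits (the defect the patch addresses). */
int u16_counter_is_sound(uint32_t len)
{
    uint32_t need = needed_entries(len);
    return narrowed_to_u16(need) == need;
}

/* Hardened sizing with the widened counter: keep the count in 32 bits and
 * refuse sizes that are zero or whose byte count could wrap size_t.
 * Returns the byte size to allocate, or 0 when the request is refused. */
size_t checked_table_bytes(uint32_t len)
{
    uint32_t need = needed_entries(len);
    if (need == 0 || need > SIZE_MAX / HASH_ENTRYSIZE)
        return 0;
    return (size_t)need * HASH_ENTRYSIZE;
}

int main(void)
{
    /* Constructed inputs: a small buffer and one large enough to push the
     * entry count past 65535. */
    uint32_t lens[] = { 1000, 100000 };
    for (size_t i = 0; i < sizeof lens / sizeof lens[0]; i++) {
        uint32_t need = needed_entries(lens[i]);
        printf("len=%u need=%u as_u16=%u sound=%d bytes=%zu\n",
               (unsigned)lens[i], (unsigned)need, (unsigned)narrowed_to_u16(need),
               u16_counter_is_sound(lens[i]), checked_table_bytes(lens[i]));
    }
    return 0;
}
```

With the assumed constants a 100000-byte buffer needs 65536 entries, which a `u_int16_t` stores as 0; the widened counter keeps 65536 and `checked_table_bytes` sizes the allocation from that value. The explicit zero and overflow checks are the belt-and-braces a reviewer would want around any size that is derived from attacker-influenced input, independent of the counter width.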