Date: Fri, 9 Feb 2001 11:00:44 -0800
From: Alfred Perlstein
To: green@freebsd.org
Cc: security@freebsd.org, ports@freebsd.org
Subject: OpenSSH port patch
Message-ID: <20010209110044.I26076@fw.wintelcom.net>

Please trim CC!

This removes the 'forbidden' and adds a patch to correct the hash overflow as suggested by the Bindview audit.

I'm cc'ing Brian Feldman (green) because he's maintainer, -ports because I'm not really good at ports and -security so that people can look this over.

May I apply this patch?

Index: Makefile =================================================================== RCS file: /home/ncvs/ports/security/openssh/Makefile,v retrieving revision 1.57 diff -u -u -r1.57 Makefile --- Makefile 2001/02/09 04:58:24 1.57 +++ Makefile 2001/02/09 18:53:06 @@ -20,8 +20,6 @@ .include -FORBIDDEN= "Remote vulnerabilities" - CRYPTOLIBS= -L${OPENSSLLIB} -lcrypto # Here, MANDIR is concetenated to DESTDIR which all forms the man install dir... MAKE_ENV+= DESTDIR=${PREFIX} MANDIR=/man/man CRYPTOLIBS="${CRYPTOLIBS}" Index: files/patch-az =================================================================== RCS file: patch-az diff -N patch-az --- /dev/null Fri Feb 9 10:59:20 2001 +++ patch-az Fri Feb 9 10:58:58 2001
@@ -0,0 +1,11 @@ +--- /home/bright/ssh/ssh/deattack.c Fri Aug 18 19:17:12 2000 ++++ deattack.c Fri Feb 9 10:58:54 2001 +@@ -84,7 +84,7 @@ + detect_attack(unsigned char *buf, u_int32_t len, unsigned char *IV) + { + static u_int16_t *h = (u_int16_t *) NULL; +- static u_int16_t n = HASH_MINSIZE / HASH_ENTRYSIZE; ++ static u_int32_t n = HASH_MINSIZE / HASH_ENTRYSIZE; + register u_int32_t i, j; + u_int32_t l; + register unsigned char *c;

--
-Alfred Perlstein - [bright@wintelcom.net|alfred@freebsd.org]
"I have the heart of a child; I keep it in a jar on my desk."
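
Review bot: In the Makefile hunk, the removed line `FORBIDDEN= "Remote vulnerabilities"` names vulnerabilities in the plural, while the only fix this patch adds is files/patch-az for the hash overflow in deattack.c. Please list in the commit message which issues the marker covered and confirm each is addressed by the port as it will build after this change, or keep FORBIDDEN until they are. This is also the only Makefile hunk, so nothing marks the port as changed for people who already have it installed; consider bumping PORTREVISION in the same commit so existing installs are rebuilt with patch-az.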
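
Review bot: In the deattack.c hunk inside patch-az, `n` is widened to `u_int32_t` while the table pointer on the line above stays `static u_int16_t *h`, and only the declarations are visible here. Please confirm that the code in detect_attack() outside this hunk that sizes and indexes h from n is correct with a 32-bit n and 16-bit entries, and add a short comment on the declaration saying why n must not be 16 bits so a later cleanup does not narrow it again. Style point: the embedded `---` line carries the absolute path /home/bright/ssh/ssh/deattack.c; a path relative to the source directory, matching the `+++ deattack.c` line, would keep the submitter's home directory out of the port.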