Date:      Fri, 9 Feb 2001 11:00:44 -0800
From:      Alfred Perlstein <bright@wintelcom.net>
To:        green@freebsd.org
Cc:        security@freebsd.org, ports@freebsd.org
Subject:   OpenSSH port patch
Message-ID:  <20010209110044.I26076@fw.wintelcom.net>

Please trim CC!

This removes the 'forbidden' and adds a patch to correct the
hash overflow as suggested by the Bindview audit.

I'm cc'ing Brian Feldman (green) because he's maintainer, -ports
because I'm not really good at ports and -security so that people
can look this over.

May I apply this patch?

Index: Makefile
===================================================================
RCS file: /home/ncvs/ports/security/openssh/Makefile,v
retrieving revision 1.57
diff -u -u -r1.57 Makefile
--- Makefile	2001/02/09 04:58:24	1.57
+++ Makefile	2001/02/09 18:53:06
@@ -20,8 +20,6 @@
 
 .include <bsd.port.pre.mk>
 
-FORBIDDEN=	"Remote vulnerabilities"
-
 CRYPTOLIBS=	-L${OPENSSLLIB} -lcrypto
 # Here, MANDIR is concetenated to DESTDIR which all forms the man install dir...
 MAKE_ENV+=	DESTDIR=${PREFIX} MANDIR=/man/man CRYPTOLIBS="${CRYPTOLIBS}"
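Review bot: The removed FORBIDDEN line reads "Remote vulnerabilities" (plural), while the message describes a single fix, the hash overflow handled in files/patch-az. Confirm that every issue the marker was covering is addressed before dropping it, or keep the marker until they are. This hunk also shows no PORTREVISION bump; without one, machines that already have the port installed get no signal to rebuild with the fix, so consider bumping it in the same commit.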
Index: files/patch-az
===================================================================
RCS file: patch-az
diff -N patch-az
--- /dev/null	Fri Feb  9 10:59:20 2001
+++ patch-az	Fri Feb  9 10:58:58 2001
@@ -0,0 +1,11 @@
+--- /home/bright/ssh/ssh/deattack.c	Fri Aug 18 19:17:12 2000
++++ deattack.c	Fri Feb  9 10:58:54 2001
+@@ -84,7 +84,7 @@
+ detect_attack(unsigned char *buf, u_int32_t len, unsigned char *IV)
+ {
+ 	static u_int16_t *h = (u_int16_t *) NULL;
+-	static u_int16_t n = HASH_MINSIZE / HASH_ENTRYSIZE;
++	static u_int32_t n = HASH_MINSIZE / HASH_ENTRYSIZE;
+ 	register u_int32_t i, j;
+ 	u_int32_t l;
+ 	register unsigned char *c;
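Review bot: The declaration of n in detect_attack() is widened to u_int32_t, which matches i, j and l, but the hunk's context does not show where n is updated or used together with h, so the fix cannot be verified from these lines alone. Please confirm that every expression involving n elsewhere in the function (comparisons against l, the size used when allocating h, any indexing bound) is correct with the wider type, and add a short comment at the declaration saying why 16 bits is not enough. Separately, the `---` line of the embedded patch carries an absolute path under a home directory (/home/bright/ssh/ssh/deattack.c); a relative name such as deattack.c.orig keeps local paths out of the ports tree.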

-- 
-Alfred Perlstein - [bright@wintelcom.net|alfred@freebsd.org]
"I have the heart of a child; I keep it in a jar on my desk."

