From owner-freebsd-security  Mon Dec 13 10:21:21 1999
Delivered-To: freebsd-security@freebsd.org
Received: from pawn.primelocation.net (pawn.primelocation.net [205.161.238.235])
	by hub.freebsd.org (Postfix) with ESMTP
	id 5FA72157E7; Mon, 13 Dec 1999 10:21:17 -0800 (PST)
	(envelope-from jedgar@fxp.org)
Received: from earth.fxp (oca-p2-98.hitter.net [207.192.76.98])
	by pawn.primelocation.net (Postfix) with ESMTP
	id 1BF8F9B1C; Mon, 13 Dec 1999 13:21:09 -0500 (EST)
Date: Mon, 13 Dec 1999 13:21:08 -0500 (EST)
From: "Chris D. Faulhaber" <jedgar@fxp.org>
X-Sender: jedgar@earth.fxp
To: Kris Kennaway <kris@hub.freebsd.org>
Cc: spork <spork@super-g.com>, Mike Tancsa <mike@sentex.net>,
	security@FreeBSD.ORG, asami@freebsd.org
Subject: Re: RSAREF updated patch (was Re: Security Advisory: Buffer  overflow
 in RSAREF2 (fwd))
In-Reply-To: <Pine.BSF.4.21.9912131000340.69074-100000@hub.freebsd.org>
Message-ID: <Pine.BSF.4.21.9912131315140.50988-200000@earth.fxp>
MIME-Version: 1.0
Content-Type: MULTIPART/MIXED; BOUNDARY="0-1067800467-945109268=:50988"
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

  This message is in MIME format.  The first part should be readable text,
  while the remaining parts are likely unreadable without MIME-aware tools.
  Send mail to mime@docserver.cac.washington.edu for more info.

--0-1067800467-945109268=:50988
Content-Type: TEXT/PLAIN; charset=US-ASCII

On Mon, 13 Dec 1999, Kris Kennaway wrote:

> Hmm, Satoshi? I did warn you I couldn't test the port :-)
> 
> Kris
> 
> On Mon, 13 Dec 1999, spork wrote:
> 
> > I see it was committed this morning, but it appears to be broken:
> > 
> > ftp> get rsaref.tar
> > local: rsaref.tar remote: rsaref.tar                            
> > 
> > root@ass[/usr/ports/security]# tar xvf rsaref.tar
> > 
> > root@ass[/usr/ports/security/rsaref]# date
> > Mon Dec 13 12:31:35 EST 1999
> > root@ass[/usr/ports/security/rsaref]# make
> > ===>  Extracting for rsaref-2.0
> > >> Checksum OK for rsaref20.1996.tar.Z.
> > ===>  Patching for rsaref-2.0
> > ===>  Applying FreeBSD patches for rsaref-2.0
> > 4 out of 4 hunks failed--saving rejects to rsa.c.rej
> > *** Error code 4
> > 

The problem with the patch is whitespace.  Attached is patch-ac with the
correct whitespace...tested to compile and work with openssl and openssh.

-----
Chris D. Faulhaber               |  You can ISO9001 certify the process of 
System/Network Administrator,    |  shooting yourself in the foot, so long
Reality Check Information, Inc.  |  as the process is documented and reliably
<jedgar@fxp.org>                 |  produces the proper result.

--0-1067800467-945109268=:50988
Content-Type: TEXT/PLAIN; charset=US-ASCII; name=patch-ac
Content-Transfer-Encoding: BASE64
Content-ID: <Pine.BSF.4.21.9912131321080.50988@earth.fxp>
Content-Description: 
Content-Disposition: attachment; filename=patch-ac

LS0tIHJzYS5jLm9yaWcJRnJpIE1hciAyNSAxNDowMTo0OCAxOTk0DQorKysg
cnNhLmMJTW9uIERlYyAxMyAxMzoxMDoyOCAxOTk5DQpAQCAtMzMsNiArMzMs
OSBAQA0KICAgdW5zaWduZWQgY2hhciBieXRlLCBwa2NzQmxvY2tbTUFYX1JT
QV9NT0RVTFVTX0xFTl07DQogICB1bnNpZ25lZCBpbnQgaSwgbW9kdWx1c0xl
bjsNCiAgIA0KKyAgaWYgKHB1YmxpY0tleS0+Yml0cyA+IE1BWF9SU0FfTU9E
VUxVU19CSVRTKQ0KKyAgICByZXR1cm4gKFJFX0xFTik7DQorDQogICBtb2R1
bHVzTGVuID0gKHB1YmxpY0tleS0+Yml0cyArIDcpIC8gODsNCiAgIGlmIChp
bnB1dExlbiArIDExID4gbW9kdWx1c0xlbikNCiAgICAgcmV0dXJuIChSRV9M
RU4pOw0KQEAgLTc4LDYgKzgxLDkgQEANCiAgIHVuc2lnbmVkIGNoYXIgcGtj
c0Jsb2NrW01BWF9SU0FfTU9EVUxVU19MRU5dOw0KICAgdW5zaWduZWQgaW50
IGksIG1vZHVsdXNMZW4sIHBrY3NCbG9ja0xlbjsNCiAgIA0KKyAgaWYgKHB1
YmxpY0tleS0+Yml0cyA+IE1BWF9SU0FfTU9EVUxVU19CSVRTKQ0KKyAgICBy
ZXR1cm4gKFJFX0xFTik7DQorDQogICBtb2R1bHVzTGVuID0gKHB1YmxpY0tl
eS0+Yml0cyArIDcpIC8gODsNCiAgIGlmIChpbnB1dExlbiA+IG1vZHVsdXNM
ZW4pDQogICAgIHJldHVybiAoUkVfTEVOKTsNCkBAIC0xMjgsNiArMTM0LDkg
QEANCiAgIGludCBzdGF0dXM7DQogICB1bnNpZ25lZCBjaGFyIHBrY3NCbG9j
a1tNQVhfUlNBX01PRFVMVVNfTEVOXTsNCiAgIHVuc2lnbmVkIGludCBpLCBt
b2R1bHVzTGVuOw0KKw0KKyAgaWYgKHByaXZhdGVLZXktPmJpdHMgPiBNQVhf
UlNBX01PRFVMVVNfQklUUykNCisgICAgcmV0dXJuIChSRV9MRU4pOw0KICAg
DQogICBtb2R1bHVzTGVuID0gKHByaXZhdGVLZXktPmJpdHMgKyA3KSAvIDg7
DQogICBpZiAoaW5wdXRMZW4gKyAxMSA+IG1vZHVsdXNMZW4pDQpAQCAtMTY4
LDYgKzE3Nyw5IEBADQogICB1bnNpZ25lZCBjaGFyIHBrY3NCbG9ja1tNQVhf
UlNBX01PRFVMVVNfTEVOXTsNCiAgIHVuc2lnbmVkIGludCBpLCBtb2R1bHVz
TGVuLCBwa2NzQmxvY2tMZW47DQogICANCisgIGlmIChwcml2YXRlS2V5LT5i
aXRzID4gTUFYX1JTQV9NT0RVTFVTX0JJVFMpDQorICAgIHJldHVybiAoUkVf
TEVOKTsNCisNCiAgIG1vZHVsdXNMZW4gPSAocHJpdmF0ZUtleS0+Yml0cyAr
IDcpIC8gODsNCiAgIGlmIChpbnB1dExlbiA+IG1vZHVsdXNMZW4pDQogICAg
IHJldHVybiAoUkVfTEVOKTsNCg==
--0-1067800467-945109268=:50988--


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message