From owner-freebsd-ports Mon Nov 22 21:50:21 1999
Delivered-To: freebsd-ports@freebsd.org
Received: from freefall.freebsd.org (freefall.FreeBSD.ORG [204.216.27.21]) by hub.freebsd.org (Postfix) with ESMTP id 428171501C for ; Mon, 22 Nov 1999 21:50:17 -0800 (PST) (envelope-from gnats@FreeBSD.org)
Received: (from gnats@localhost) by freefall.freebsd.org (8.9.3/8.9.2) id VAA93124; Mon, 22 Nov 1999 21:50:02 -0800 (PST) (envelope-from gnats@FreeBSD.org)
Received: from mx1.issei.org (mx1.issei.org [210.254.221.66]) by hub.freebsd.org (Postfix) with ESMTP id 5B73414A04 for ; Mon, 22 Nov 1999 21:49:28 -0800 (PST) (envelope-from issei@issei.org)
Received: from localhost (mx1.issei.org [210.254.221.66]) by mx1.issei.org (8.9.3+3.2W/3.7W-v6) with ESMTP/IPv4 id OAA33036 for ; Tue, 23 Nov 1999 14:48:54 +0900 (JST) (envelope-from issei@issei.org)
Message-Id: <19991123143414I.issei@issei.org>
Date: Tue, 23 Nov 1999 14:34:14 +0900
From: issei@jp.FreeBSD.org
Reply-To: issei@jp.FreeBSD.org
To: FreeBSD-gnats-submit@freebsd.org
X-Send-Pr-Version: 3.2
Subject: ports/15059: Fix port : security/ssh2
Sender: owner-freebsd-ports@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

>Number: 15059
>Category: ports
>Synopsis: Fix fetching problem on security/ssh2 port
>Confidential: no
>Severity: serious
>Priority: low
>Responsible: freebsd-ports
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: change-request
>Submitter-Id: current-users
>Arrival-Date: Mon Nov 22 21:50:02 PST 1999
>Closed-Date:
>Last-Modified:
>Originator: Issei Suzuki
>Release: FreeBSD 3.3-RELEASE i386
>Organization: Individual
>Environment:
>Description:

The patch file patch-ssh-2.0.13-bsd.tty.chown has been deleted from PATCH_SITES, so the port is broken now.

The problem that patch-ssh-2.0.13-bsd.tty.chown fixes is:

1. A non-privileged user can set file flags (by chflags(2)) on the terminal device he or she uses, such as /dev/ttyp0.
2. If a file flag is set on the terminal device, chown(2) by the ssh daemon may fail. But the ssh daemon does not check the return value from chown.
3. So, a non-privileged user can snoop the data stream through the terminal device.

This problem is also pointed out in FreeBSD-SA-99:01 and is corrected after FreeBSD 3.3-RELEASE. So, we do not need to use patch-ssh-2.0.13-bsd.tty.chown anymore.

>How-To-Repeat:
>Fix:

diff -urN ssh2.old/Makefile ssh2/Makefile --- ssh2.old/Makefile Tue Nov 23 14:10:17 1999 +++ ssh2/Makefile Tue Nov 23 14:15:41 1999 @@ -14,10 +14,6 @@ ftp://sunsite.unc.edu/pub/packages/security/ssh/ \ ftp://ftp.kyoto.wide.ad.jp/pub/security/ssh/ -PATCH_SITES= http://www.ssh.fi/sshprotocols2/patches/ -PATCHFILES= patch-${DISTNAME}-bsd.tty.chown -PATCH_DIST_STRIP= -p1 - MAINTAINER= issei@jp.FreeBSD.org RESTRICTED= "Crypto; export-controlled"

>Release-Note:
>Audit-Trail:
>Unformatted:
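
Review bot: The removal of PATCH_SITES, PATCHFILES and PATCH_DIST_STRIP in the Makefile hunk is unconditional, while the description says the base-system correction arrived only after FreeBSD 3.3-RELEASE, so on 3.3-RELEASE (the release this report was filed from) and earlier the port would build an ssh daemon that still ignores the chown return value. Consider carrying the chown check as a local patch inside the port, or adding a Makefile comment that the port now relies on the FreeBSD-SA-99:01 correction in the base system. The diff touches only Makefile; if the port's checksum file lists the removed patch file, that entry should be dropped in the same change.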
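
The check that item 2 of the description says the ssh daemon lacks, as an added C example. It is not code from ssh2 or from the patch file named in the report; the helper name claim_tty and the scratch file standing in for a terminal device are assumptions.

```c
#define _POSIX_C_SOURCE 200809L
#include <sys/types.h>
#include <sys/stat.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>

/* Hypothetical helper (not from ssh2): give a terminal device to the session
 * user and report failure unless the hand-over really took effect. */
int claim_tty(const char *path, uid_t uid, gid_t gid, mode_t mode)
{
    struct stat st;
    int ok = 0;
    int fd = open(path, O_RDWR | O_NOCTTY);

    if (fd < 0)
        return -1;
    /* Ignoring these return values is the defect described in item 2: with a
     * file flag set on the device the calls fail and the old owner remains. */
    if (fchown(fd, uid, gid) == 0 && fchmod(fd, mode) == 0 &&
        /* Confirm the result rather than trusting the calls alone. */
        fstat(fd, &st) == 0 && st.st_uid == uid && st.st_gid == gid &&
        (st.st_mode & 07777) == mode)
        ok = 1;
    close(fd);
    return ok ? 0 : -1;   /* caller must refuse the session on -1 */
}

/* Constructed check: a scratch file stands in for /dev/ttyp0. */
int claim_scratch_file(void)
{
    char path[] = "/tmp/claim_tty.XXXXXX";
    int rc, fd = mkstemp(path);

    if (fd < 0)
        return -1;
    close(fd);
    rc = claim_tty(path, geteuid(), getegid(), 0620);
    unlink(path);
    return rc;
}

int main(void)
{
    printf("scratch file: %d\n", claim_scratch_file());
    printf("missing device: %d\n",
           claim_tty("/nonexistent/ttyp0", geteuid(), getegid(), 0620));
    return 0;
}
```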