authorkris <kris@FreeBSD.org>2001-02-09 22:56:39 +0000
committerkris <kris@FreeBSD.org>2001-02-09 22:56:39 +0000
commit39d23b055b6b7d9b0630295d51fd6a3d32542a3b (patch)
treeb1e564018e94e30846739c22c5e4005be8041328 /security/ssh
parent275af1f2cd7486619848ad2130708d7178da8853 (diff)
Commit fixes for the two recent security problems found by BINDVIEW
and Core-SDI, and bump PORTREVISION.
Diffstat (limited to 'security/ssh')
-rw-r--r--security/ssh/Makefile4
-rw-r--r--security/ssh/files/patch-ay20
-rw-r--r--security/ssh/files/patch-az12
3 files changed, 34 insertions, 2 deletions
diff --git a/security/ssh/Makefile b/security/ssh/Makefile
index 274d190..cd1cae1 100644
--- a/security/ssh/Makefile
+++ b/security/ssh/Makefile
@@ -10,7 +10,7 @@
PORTNAME= ssh
PORTVERSION= 1.2.27 # Note, 1.2.30 is under a more restrictive license
-PORTREVISION= 1
+PORTREVISION= 2
CATEGORIES= security ipv6
MASTER_SITES= ftp://ftp.cs.engr.uky.edu/cs/software/ \
ftp://ftp.cs.umn.edu/dept/users/rybski/ \
@@ -23,7 +23,7 @@ MASTER_SITES= ftp://ftp.cs.engr.uky.edu/cs/software/ \
MAINTAINER= ports@FreeBSD.org
-FORBIDDEN= "Remote vulnerabilities"
+#FORBIDDEN= "Remote vulnerabilities"
#RESTRICTED= "Crypto: export-controlled"
diff --git a/security/ssh/files/patch-ay b/security/ssh/files/patch-ay
new file mode 100644
index 0000000..51e949e
--- /dev/null
+++ b/security/ssh/files/patch-ay
@@ -0,0 +1,20 @@
+--- rsaglue.c 1999/12/10 23:27:25 1.8
++++ rsaglue.c 2001/02/03 09:42:05
+@@ -264,7 +268,15 @@
+ mpz_clear(&aux);
+
+ if (value[0] != 0 || value[1] != 2)
+- fatal("Bad result from rsa_private_decrypt");
++ {
++ static time_t last_kill_time = 0;
++ if (time(NULL) - last_kill_time > 60 && getppid() != 1)
++ {
++ last_kill_time = time(NULL);
++ kill(SIGALRM, getppid());
++ }
++ fatal("Bad result from rsa_private_decrypt");
++ }
+
+ for (i = 2; i < len && value[i]; i++)
+ ;
+
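Review bot: The added call `kill(SIGALRM, getppid());` has its arguments reversed: `kill()` takes the process id first and the signal number second. As written, the parent's pid is used as the signal number and SIGALRM's numeric value as the target pid, so the parent is not notified. The line should read `kill(getppid(), SIGALRM);`, and checking the return value would have exposed the mistake. Separately, `last_kill_time` is a function-local static. If this code runs in a per-connection child (likely for sshd, but not visible here), every child starts at 0 and the 60-second throttle never applies across connections, so the rate limit probably belongs on the receiving side. The enclosing function starts and ends outside the hunk.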
diff --git a/security/ssh/files/patch-az b/security/ssh/files/patch-az
new file mode 100644
index 0000000..e09b6ed
--- /dev/null
+++ b/security/ssh/files/patch-az
@@ -0,0 +1,12 @@
+--- deattack.c-old Wed Feb 7 19:45:16 2001
++++ deattack.c Wed Feb 7 19:54:11 2001
+@@ -79,7 +79,7 @@
+ detect_attack(unsigned char *buf, word32 len, unsigned char *IV)
+ {
+ static word16 *h = (word16 *) NULL;
+- static word16 n = HASH_MINSIZE / HASH_ENTRYSIZE;
++ static word32 n = HASH_MINSIZE / HASH_ENTRYSIZE;
+ register word32 i, j;
+ word32 l;
+ register unsigned char *c;
+
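Review bot: The widening of `static word32 n` in `detect_attack` carries no comment explaining why the width matters, so a later cleanup could narrow it again. I would add above the declaration something like `/* n must not be narrower than the len-derived table size; a 16-bit n can truncate for large packets */`, with the wording confirmed against the body, which lies outside this hunk. In that unseen part it is also worth checking that any allocation size computed from `n` cannot overflow now that `n` may exceed 65535. The same goes for whether `len` is bounded before it is used.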