diff options
author | Kris Kennaway <kris@FreeBSD.org> | 2001-02-09 22:56:39 +0000 |
---|---|---|
committer | Kris Kennaway <kris@FreeBSD.org> | 2001-02-09 22:56:39 +0000 |
commit | d6bcba78376a7f5f10789644764c663f2b8ca1ae (patch) | |
tree | 6a0ad182d99f6e91fd87853ca36f5a7bcdd2723e /security/ssh | |
parent | Bump PORTREVISION due to security fix. (diff) |
Commit fixes for the two recent security problems found by BINDVIEW
and Core-SDI, and bump PORTREVISION.
Notes
Notes:
svn path=/head/; revision=38156
Diffstat (limited to 'security/ssh')
-rw-r--r-- | security/ssh/Makefile | 4 | ||||
-rw-r--r-- | security/ssh/files/patch-ay | 20 | ||||
-rw-r--r-- | security/ssh/files/patch-az | 12 |
3 files changed, 34 insertions, 2 deletions
diff --git a/security/ssh/Makefile b/security/ssh/Makefile index 274d190d3969..cd1cae108e01 100644 --- a/security/ssh/Makefile +++ b/security/ssh/Makefile @@ -10,7 +10,7 @@ PORTNAME= ssh PORTVERSION= 1.2.27 # Note, 1.2.30 is under a more restrictive license -PORTREVISION= 1 +PORTREVISION= 2 CATEGORIES= security ipv6 MASTER_SITES= ftp://ftp.cs.engr.uky.edu/cs/software/ \ ftp://ftp.cs.umn.edu/dept/users/rybski/ \ @@ -23,7 +23,7 @@ MASTER_SITES= ftp://ftp.cs.engr.uky.edu/cs/software/ \ MAINTAINER= ports@FreeBSD.org -FORBIDDEN= "Remote vulnerabilities" +#FORBIDDEN= "Remote vulnerabilities" #RESTRICTED= "Crypto: export-controlled" diff --git a/security/ssh/files/patch-ay b/security/ssh/files/patch-ay new file mode 100644 index 000000000000..51e949e323e3 --- /dev/null +++ b/security/ssh/files/patch-ay @@ -0,0 +1,20 @@ +--- rsaglue.c 1999/12/10 23:27:25 1.8 ++++ rsaglue.c 2001/02/03 09:42:05 +@@ -264,7 +268,15 @@ + mpz_clear(&aux); + + if (value[0] != 0 || value[1] != 2) +- fatal("Bad result from rsa_private_decrypt"); ++ { ++ static time_t last_kill_time = 0; ++ if (time(NULL) - last_kill_time > 60 && getppid() != 1) ++ { ++ last_kill_time = time(NULL); ++ kill(SIGALRM, getppid()); ++ } ++ fatal("Bad result from rsa_private_decrypt"); ++ } + + for (i = 2; i < len && value[i]; i++) + ; + diff --git a/security/ssh/files/patch-az b/security/ssh/files/patch-az new file mode 100644 index 000000000000..e09b6edda900 --- /dev/null +++ b/security/ssh/files/patch-az @@ -0,0 +1,12 @@ +--- deattack.c-old Wed Feb 7 19:45:16 2001 ++++ deattack.c Wed Feb 7 19:54:11 2001 +@@ -79,7 +79,7 @@ + detect_attack(unsigned char *buf, word32 len, unsigned char *IV) + { + static word16 *h = (word16 *) NULL; +- static word16 n = HASH_MINSIZE / HASH_ENTRYSIZE; ++ static word32 n = HASH_MINSIZE / HASH_ENTRYSIZE; + register word32 i, j; + word32 l; + register unsigned char *c; + |