From issei@issei.org Mon Nov 22 21:49:30 1999
Return-Path: <issei@issei.org>
Received: from mx1.issei.org (mx1.issei.org [210.254.221.66])
	by hub.freebsd.org (Postfix) with ESMTP id 5B73414A04
	for <FreeBSD-gnats-submit@freebsd.org>; Mon, 22 Nov 1999 21:49:28 -0800 (PST)
	(envelope-from issei@issei.org)
Received: from localhost (mx1.issei.org [210.254.221.66])
	by mx1.issei.org (8.9.3+3.2W/3.7W-v6) with ESMTP/IPv4 id OAA33036
	for <FreeBSD-gnats-submit@freebsd.org>; Tue, 23 Nov 1999 14:48:54 +0900 (JST)
	(envelope-from issei@issei.org)
Message-Id: <19991123143414I.issei@issei.org>
Date: Tue, 23 Nov 1999 14:34:14 +0900
From: issei@jp.FreeBSD.org
Sender: Issei Suzuki <issei@issei.org>
Reply-To: issei@jp.FreeBSD.org
To: FreeBSD-gnats-submit@freebsd.org
Subject: Fix port : security/ssh2
X-Send-Pr-Version: 3.2

>Number:         15059
>Category:       ports
>Synopsis:       Fix fetching problem on security/ssh2 port
>Confidential:   no
>Severity:       serious
>Priority:       low
>Responsible:    freebsd-ports
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          change-request
>Submitter-Id:   current-users
>Arrival-Date:   Mon Nov 22 21:50:02 PST 1999
>Closed-Date:    Wed Nov 24 13:45:49 PST 1999
>Last-Modified:  Wed Nov 24 13:46:11 PST 1999
>Originator:     Issei Suzuki
>Release:        FreeBSD 3.3-RELEASE i386
>Organization:
Individual
>Environment:

	

>Description:

	The patch file patch-ssh-2.0.13-bsd.tty.chown has been deleted
	from PATCH_SITES, so the port is broken now.

	The problem that patch-ssh-2.0.13-bsd.tty.chown fixes is:

	1. A non-privileged user can set file flags (by chflags(2)) on
	   the terminal device he or she uses, such as /dev/ttyp0.

	2. If a file flag is set on the terminal device, chown(2) by the ssh
	   daemon may fail. But the ssh daemon does not check the return
	   value from chown.

	3. So, a non-privileged user can snoop the data stream through the
	   terminal device.


	This problem is also pointed out in FreeBSD-SA-99:01 and is
	corrected after FreeBSD 3.3-RELEASE.  So, we do not need to use
	the patch-ssh-2.0.13-bsd.tty.chown anymore.
	
>How-To-Repeat:

	

>Fix:

diff -urN ssh2.old/Makefile ssh2/Makefile
--- ssh2.old/Makefile	Tue Nov 23 14:10:17 1999
+++ ssh2/Makefile	Tue Nov 23 14:15:41 1999
@@ -14,10 +14,6 @@
 		ftp://sunsite.unc.edu/pub/packages/security/ssh/ \
 		ftp://ftp.kyoto.wide.ad.jp/pub/security/ssh/
 
-PATCH_SITES=	http://www.ssh.fi/sshprotocols2/patches/
-PATCHFILES=	patch-${DISTNAME}-bsd.tty.chown
-PATCH_DIST_STRIP= -p1
-
 MAINTAINER=	issei@jp.FreeBSD.org
 
 RESTRICTED=	"Crypto; export-controlled"
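
Review bot: removing PATCHFILES here drops the tty chown fix from the port entirely, while the description says the base-system correction arrived only after FreeBSD 3.3-RELEASE, so a build on 3.3-RELEASE or earlier now gets sshd with the unchecked chown and no fix from either side. Consider keeping a copy of the change as a local patch inside the port (applied always, or only on older systems) rather than deleting it, and add a comment next to MASTER_SITES naming FreeBSD-SA-99:01 so the reason for the removal stays recorded in the Makefile.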

>Release-Note:
>Audit-Trail:
State-Changed-From-To: open->closed 
State-Changed-By: sada 
State-Changed-When: Wed Nov 24 13:45:49 PST 1999 
State-Changed-Why:  
Committed, thanks. 
>Unformatted:
