Subject: Re: [PINE-CERT-20020301] OpenSSH off-by-one
To: Steven M. Bellovin <>
From: Michael Kukat <>
List: netbsd-users
Date: 03/07/2002 19:07:00
Hi !

On Thu, 7 Mar 2002, Steven M. Bellovin wrote:
> The problem is that openssh 3.1 will not compile with the version
> of openssl in 1.5.2.  Is it safe to install the pkgsrc version on such
> systems?  Will it override properly in the build process?  I think I'm
> going to just apply the one-line patch for now, but that may not be
> feasible for the next hole.

Watch this:

[michael@calchas michael]$ grep OPENSSL /etc/mk.conf
[michael@calchas michael]$ /usr/sbin/pkg_info|grep openss
openssl-0.9.6nb2    Secure Socket Layer and cryptographic library
openssh-     Open Source Secure shell client and server (remote login program)

so, now i'll grab 3.1 and build it, including the S/Key-patch (just add the
necessary parameter in the function the compiler complains about during
build, if you want to include S/Key).

BTW: It is safe to delete the old base-OpenSSH-stuff, and rename the "openssl"-
executable to "openssl.old" or so.


--    Home network powered by: NetBSD OpenBSD FreeBSD IRIX
Solaris AIX HP-UX Tru64 MUNIX Ultrix VMS SINIX Dolphin_Unix OpenStep MacOS A/UX