1 Aug
2002
1 Aug
'02
09:04
The version available on freebsd.org is not trojaned. the md5 checksum shows the tarball that FreeBSD is distributing is the correct 1, and OpenBSD's is different.
to be a little more concrete: about 10 minutes ago I downloaded the tarball of openssh-3.4p1 which is actually available on >ftp.openbsd.org. I untared it, cd'd to openbsd-compat and did a gcc bf-test.c -o bf-test. After this I did sh bftest > bftest.sh and finally >got a shell script which contains the same as reported on the link below. So there is definitively a connection attempt to this server - but actually >I do not know waht it is good for. Could there be some legal reaseon for this?!?