diff options
| author | snj <snj> | 2006-04-06 00:47:01 +0000 |
|---|---|---|
| committer | snj <snj> | 2006-04-06 00:47:01 +0000 |
| commit | 4bcc6f027c174dac6599841d57ed0f5276635899 (patch) | |
| tree | 27310caa4f1b341c7e2a88dddf0f4d3607aac874 /security/lsh | |
| parent | 5740bead3384fef975d6235cb0220cc99ac0ce2f (diff) | |
| download | pkgsrc-4bcc6f027c174dac6599841d57ed0f5276635899.tar.gz | |
Pullup ticket 1329 - requested by salo
security fix for lsh
Revisions pulled up:
- pkgsrc/security/lsh/Makefile 1.13
- pkgsrc/security/lsh/distinfo 1.5
- pkgsrc/security/lsh/patches/patch-ad 1.1
Module Name: pkgsrc
Committed By: salo
Date: Wed Apr 5 23:59:33 UTC 2006
Modified Files:
pkgsrc/security/lsh: Makefile distinfo
Added Files:
pkgsrc/security/lsh/patches: patch-ad
Log Message:
Backport fix for CVE-2006-0353 from lsh2:
"unix_random.c in lshd for lsh 2.0.1 leaks file descriptors related
to the randomness generator, which allows local users to cause a denial
of service by truncating the seed file, which prevents the server from
starting, or obtain sensitive seed information that could be used to
crack keys."
Diffstat (limited to 'security/lsh')
| -rw-r--r-- | security/lsh/Makefile | 4 | ||||
| -rw-r--r-- | security/lsh/distinfo | 3 | ||||
| -rw-r--r-- | security/lsh/patches/patch-ad | 20 |
3 files changed, 24 insertions, 3 deletions
diff --git a/security/lsh/Makefile b/security/lsh/Makefile index 0dafa44204f..8ffecffac83 100644 --- a/security/lsh/Makefile +++ b/security/lsh/Makefile @@ -1,8 +1,8 @@ -# $NetBSD: Makefile,v 1.12 2006/03/04 21:30:34 jlam Exp $ +# $NetBSD: Makefile,v 1.12.2.1 2006/04/06 00:47:01 snj Exp $ # DISTNAME= lsh-1.4.3 -PKGREVISION= 3 +PKGREVISION= 4 CATEGORIES= security MASTER_SITES= ftp://ftp.lysator.liu.se/pub/security/lsh/ diff --git a/security/lsh/distinfo b/security/lsh/distinfo index cb9a796035a..f470d5a29f6 100644 --- a/security/lsh/distinfo +++ b/security/lsh/distinfo @@ -1,4 +1,4 @@ -$NetBSD: distinfo,v 1.4 2005/04/30 12:23:42 drochner Exp $ +$NetBSD: distinfo,v 1.4.8.1 2006/04/06 00:47:01 snj Exp $ SHA1 (lsh-1.4.3.tar.gz) = 25cb15a0851b3209cc5b3552344fedf80221ad6f RMD160 (lsh-1.4.3.tar.gz) = c5bc410396f6426e2e609ded97296424d8a3bd46 @@ -6,3 +6,4 @@ Size (lsh-1.4.3.tar.gz) = 1414008 bytes SHA1 (patch-aa) = 08cb6cf3f28ae2281d109e20dc9585111009ea50 SHA1 (patch-ab) = 179647434ecf7a4b42e301f1ac1c794f217d69d0 SHA1 (patch-ac) = af2659ae7edb797481172c467936383e6d5a7f8a +SHA1 (patch-ad) = 6ac62f9b78cddc7815f124543d3cb8b9a76563e6 diff --git a/security/lsh/patches/patch-ad b/security/lsh/patches/patch-ad new file mode 100644 index 00000000000..1c10614b266 --- /dev/null +++ b/security/lsh/patches/patch-ad @@ -0,0 +1,20 @@ +$NetBSD: patch-ad,v 1.1.2.2 2006/04/06 00:47:01 snj Exp $ + +--- src/unix_random.c.orig 2001-12-12 19:23:51.000000000 +0100 ++++ src/unix_random.c 2006-04-06 01:45:14.000000000 +0200 +@@ -258,6 +258,7 @@ + if (self->device_fd < 0) + return 0; + ++ io_set_close_on_exec(self->device_fd); + self->device_last_read = now; + } + +@@ -382,6 +383,7 @@ + return NULL; + } + ++ io_set_close_on_exec(self->seed_file_fd); + trace("random_init, reading seed file...\n"); + + if (!read_initial_seed_file(&self->yarrow, self->seed_file_fd)) |