author | salo <salo@pkgsrc.org> | 2006-04-05 23:59:33 +0000 |
---|---|---|
committer | salo <salo@pkgsrc.org> | 2006-04-05 23:59:33 +0000 |
commit | ee92540718001e104b15754ccdd149f4efbc22a7 (patch) | |
tree | ffc58191a948eda45eeb9bfeb9d4fc90ff168300 /security/lsh | |
parent | fd2469543bbc8b1096335bace64e41d38dff05f3 (diff) | |
download | pkgsrc-ee92540718001e104b15754ccdd149f4efbc22a7.tar.gz |
Backport fix for CVE-2006-0353 from lsh2:
"unix_random.c in lshd for lsh 2.0.1 leaks file descriptors related
to the randomness generator, which allows local users to cause a denial
of service by truncating the seed file, which prevents the server from
starting, or obtain sensitive seed information that could be used to
crack keys."
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0353
Diffstat (limited to 'security/lsh')
-rw-r--r-- | security/lsh/Makefile | 4 | ||||
-rw-r--r-- | security/lsh/distinfo | 3 | ||||
-rw-r--r-- | security/lsh/patches/patch-ad | 20 |
3 files changed, 24 insertions, 3 deletions
diff --git a/security/lsh/Makefile b/security/lsh/Makefile
index 0dafa44204f..fa883990e74 100644
--- a/security/lsh/Makefile
+++ b/security/lsh/Makefile
@@ -1,8 +1,8 @@
-# $NetBSD: Makefile,v 1.12 2006/03/04 21:30:34 jlam Exp $
+# $NetBSD: Makefile,v 1.13 2006/04/05 23:59:33 salo Exp $
 #
 DISTNAME= lsh-1.4.3
-PKGREVISION= 3
+PKGREVISION= 4
 CATEGORIES= security
 MASTER_SITES= ftp://ftp.lysator.liu.se/pub/security/lsh/
diff --git a/security/lsh/distinfo b/security/lsh/distinfo
index cb9a796035a..3b2dbf3965a 100644
--- a/security/lsh/distinfo
+++ b/security/lsh/distinfo
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.4 2005/04/30 12:23:42 drochner Exp $
+$NetBSD: distinfo,v 1.5 2006/04/05 23:59:33 salo Exp $
 SHA1 (lsh-1.4.3.tar.gz) = 25cb15a0851b3209cc5b3552344fedf80221ad6f
 RMD160 (lsh-1.4.3.tar.gz) = c5bc410396f6426e2e609ded97296424d8a3bd46
@@ -6,3 +6,4 @@ Size (lsh-1.4.3.tar.gz) = 1414008 bytes
 SHA1 (patch-aa) = 08cb6cf3f28ae2281d109e20dc9585111009ea50
 SHA1 (patch-ab) = 179647434ecf7a4b42e301f1ac1c794f217d69d0
 SHA1 (patch-ac) = af2659ae7edb797481172c467936383e6d5a7f8a
+SHA1 (patch-ad) = 6ac62f9b78cddc7815f124543d3cb8b9a76563e6
diff --git a/security/lsh/patches/patch-ad b/security/lsh/patches/patch-ad
new file mode 100644
index 00000000000..051022949ee
--- /dev/null
+++ b/security/lsh/patches/patch-ad
@@ -0,0 +1,20 @@
+$NetBSD: patch-ad,v 1.1 2006/04/05 23:59:33 salo Exp $
+
+--- src/unix_random.c.orig 2001-12-12 19:23:51.000000000 +0100
++++ src/unix_random.c 2006-04-06 01:45:14.000000000 +0200
+@@ -258,6 +258,7 @@
+ if (self->device_fd < 0)
+ return 0;
+
++ io_set_close_on_exec(self->device_fd);
+ self->device_last_read = now;
+ }
+
+@@ -382,6 +383,7 @@
+ return NULL;
+ }
+
++ io_set_close_on_exec(self->seed_file_fd);
+ trace("random_init, reading seed file...\n");
+
+ if (!read_initial_seed_file(&self->yarrow, self->seed_file_fd)) |
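Review bot: Both calls added to `src/unix_random.c` in patch-ad (after the `self->device_fd < 0` check and just before `read_initial_seed_file`) set close-on-exec as a separate step on a descriptor that already exists, and nothing in the visible lines checks that the step succeeded. `io_set_close_on_exec` is defined outside this patch, so it should be confirmed that it reports or logs a failure, because a silent failure would leave the seed file descriptor inheritable, which is the condition the commit message quotes for CVE-2006-0353. The patch file carries no explanation of its own; a line after the `$NetBSD$` tag such as `Mark the random device and seed file descriptors close-on-exec (CVE-2006-0353).` would tell the next maintainer why it must survive an upstream update. Only these two sites are touched and both enclosing functions begin and end outside the hunks, so the rest of the file is worth checking for any other descriptor the generator opens.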