[pkgsrc/pkgsrc-2006Q1]: pkgsrc/security/lsh Pullup ticket 1329 - requested by...

[snj <snj%pkgsrc.org@localhost>]

details:   https://anonhg.NetBSD.org/pkgsrc/rev/f537e38d80f2
branches:  pkgsrc-2006Q1
changeset: 510188:f537e38d80f2
user:      snj <snj%pkgsrc.org@localhost>
date:      Thu Apr 06 00:47:01 2006 +0000

description:
Pullup ticket 1329 - requested by salo
security fix for lsh

Revisions pulled up:
- pkgsrc/security/lsh/Makefile          1.13
- pkgsrc/security/lsh/distinfo          1.5
- pkgsrc/security/lsh/patches/patch-ad  1.1

  Module Name:    pkgsrc
  Committed By:   salo
  Date:           Wed Apr  5 23:59:33 UTC 2006

  Modified Files:
          pkgsrc/security/lsh: Makefile distinfo
  Added Files:
          pkgsrc/security/lsh/patches: patch-ad

  Log Message:
  Backport fix for CVE-2006-0353 from lsh2:

  "unix_random.c in lshd for lsh 2.0.1 leaks file descriptors related
   to the randomness generator, which allows local users to cause a denial
   of service by truncating the seed file, which prevents the server from
   starting, or obtain sensitive seed information that could be used to
   crack keys."

diffstat:

 security/lsh/Makefile         |   4 ++--
 security/lsh/distinfo         |   3 ++-
 security/lsh/patches/patch-ad |  20 ++++++++++++++++++++
 3 files changed, 24 insertions(+), 3 deletions(-)

diffs (52 lines):

diff -r 0ac32f8b33ac -r f537e38d80f2 security/lsh/Makefile
--- a/security/lsh/Makefile     Thu Apr 06 00:39:19 2006 +0000
+++ b/security/lsh/Makefile     Thu Apr 06 00:47:01 2006 +0000
@@ -1,8 +1,8 @@
-# $NetBSD: Makefile,v 1.12 2006/03/04 21:30:34 jlam Exp $
+# $NetBSD: Makefile,v 1.12.2.1 2006/04/06 00:47:01 snj Exp $
 #
 
 DISTNAME=              lsh-1.4.3
-PKGREVISION=   3
+PKGREVISION=           4
 CATEGORIES=            security
 MASTER_SITES=          ftp://ftp.lysator.liu.se/pub/security/lsh/
 
diff -r 0ac32f8b33ac -r f537e38d80f2 security/lsh/distinfo
--- a/security/lsh/distinfo     Thu Apr 06 00:39:19 2006 +0000
+++ b/security/lsh/distinfo     Thu Apr 06 00:47:01 2006 +0000
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.4 2005/04/30 12:23:42 drochner Exp $
+$NetBSD: distinfo,v 1.4.8.1 2006/04/06 00:47:01 snj Exp $
 
 SHA1 (lsh-1.4.3.tar.gz) = 25cb15a0851b3209cc5b3552344fedf80221ad6f
 RMD160 (lsh-1.4.3.tar.gz) = c5bc410396f6426e2e609ded97296424d8a3bd46
@@ -6,3 +6,4 @@
 SHA1 (patch-aa) = 08cb6cf3f28ae2281d109e20dc9585111009ea50
 SHA1 (patch-ab) = 179647434ecf7a4b42e301f1ac1c794f217d69d0
 SHA1 (patch-ac) = af2659ae7edb797481172c467936383e6d5a7f8a
+SHA1 (patch-ad) = 6ac62f9b78cddc7815f124543d3cb8b9a76563e6
diff -r 0ac32f8b33ac -r f537e38d80f2 security/lsh/patches/patch-ad
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/security/lsh/patches/patch-ad     Thu Apr 06 00:47:01 2006 +0000
@@ -0,0 +1,20 @@
+$NetBSD: patch-ad,v 1.1.2.2 2006/04/06 00:47:01 snj Exp $
+
+--- src/unix_random.c.orig     2001-12-12 19:23:51.000000000 +0100
++++ src/unix_random.c  2006-04-06 01:45:14.000000000 +0200
+@@ -258,6 +258,7 @@
+       if (self->device_fd < 0)
+       return 0;
+ 
++      io_set_close_on_exec(self->device_fd);
+       self->device_last_read = now;
+     }
+ 
+@@ -382,6 +383,7 @@
+       return NULL;
+       }
+ 
++    io_set_close_on_exec(self->seed_file_fd);
+     trace("random_init, reading seed file...\n");
+     
+     if (!read_initial_seed_file(&self->yarrow, self->seed_file_fd))