rpms/openssh/F-12 openssh-5.3p1-randclean.patch, NONE, 1.1 openssh.spec, 1.177, 1.178

Jan F. Chadima jfch2222 at fedoraproject.org
Wed Jan 20 19:12:59 UTC 2010


Author: jfch2222

Update of /cvs/pkgs/rpms/openssh/F-12
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv7565

Modified Files:
	openssh.spec 
Added Files:
	openssh-5.3p1-randclean.patch 
Log Message:
add RAND_cleanup at the exit of each program using RAND

openssh-5.3p1-randclean.patch:
 ssh-add.c     |    4 ++++
 ssh-keygen.c  |    4 ++++
 ssh-keyscan.c |    4 ++++
 ssh-keysign.c |    3 +++
 ssh.c         |    4 ++++
 sshd.c        |    3 +++
 6 files changed, 22 insertions(+)

--- NEW FILE openssh-5.3p1-randclean.patch ---
diff -up openssh-5.3p1/ssh-add.c.randclean openssh-5.3p1/ssh-add.c
--- openssh-5.3p1/ssh-add.c.randclean	2010-01-20 19:13:28.000000000 +0100
+++ openssh-5.3p1/ssh-add.c	2010-01-20 19:13:29.000000000 +0100
@@ -41,6 +41,7 @@
 #include <sys/stat.h>
 #include <sys/param.h>
 
+#include <openssl/rand.h>
 #include <openssl/evp.h>
 #include <openssl/fips.h>
 #include "openbsd-compat/openssl-compat.h"
@@ -471,6 +472,9 @@ main(int argc, char **argv)
 	int use_nss = 0;
 #endif
 
+	/* clean the PRNG status when exiting the program */
+	atexit(RAND_cleanup);
+
 	/* Ensure that fds 0, 1 and 2 are open or directed to /dev/null */
 	sanitise_stdfd();
 
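Review bot: `atexit(RAND_cleanup)` at the top of main covers only exits that go through exit() or a return from main; the handler is not run on _exit(), on termination by a signal, or when the process image is replaced by exec. If this program's fatal-error path ends in _exit() (that code is outside the hunk, so it needs checking), the PRNG state stays in memory on exactly those paths, and an explicit `RAND_cleanup();` would be needed before the _exit(). The return value of atexit() is also dropped, so a failed registration goes unnoticed, and the comment would say more as `/* clear the OpenSSL PRNG state on exit(); not run on _exit() or fatal signals */`. The same applies to the identical additions in the main() hunks of ssh.c, sshd.c, ssh-keygen.c, ssh-keyscan.c and ssh-keysign.c; main's body continues outside each hunk.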
diff -up openssh-5.3p1/ssh.c.randclean openssh-5.3p1/ssh.c
--- openssh-5.3p1/ssh.c.randclean	2010-01-20 19:13:29.000000000 +0100
+++ openssh-5.3p1/ssh.c	2010-01-20 19:13:29.000000000 +0100
@@ -70,6 +70,7 @@
 #include <netinet/in.h>
 #include <arpa/inet.h>
 
+#include <openssl/rand.h>
 #include <openssl/evp.h>
 #include <openssl/err.h>
 #include <openssl/fips.h>
@@ -220,6 +221,9 @@ main(int ac, char **av)
 	struct servent *sp;
 	Forward fwd;
 
+	/* clean the PRNG status when exiting the program */
+	atexit(RAND_cleanup);
+
 	/* Ensure that fds 0, 1 and 2 are open or directed to /dev/null */
 	sanitise_stdfd();
 
diff -up openssh-5.3p1/sshd.c.randclean openssh-5.3p1/sshd.c
--- openssh-5.3p1/sshd.c.randclean	2010-01-20 19:13:29.000000000 +0100
+++ openssh-5.3p1/sshd.c	2010-01-20 19:13:29.000000000 +0100
@@ -1263,6 +1263,9 @@ main(int ac, char **av)
 	Key *key;
 	Authctxt *authctxt;
 
+	/* clean the PRNG status when exiting the program */
+	atexit(RAND_cleanup);
+
 #ifdef HAVE_SECUREWARE
 	(void)set_auth_parameters(ac, av);
 #endif
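Review bot: Unlike ssh-add.c, ssh.c, ssh-keygen.c and ssh-keyscan.c, this file (and ssh-keysign.c below) gets no `#include <openssl/rand.h>` hunk, so `RAND_cleanup` is declared here only if the file already includes that header, which the patch does not show. It is worth confirming that both files build without an implicit-declaration warning. Because the handler is registered before the daemon forks, every child process inherits it: it runs in each child that leaves through exit() and is skipped in each one that leaves through _exit(), so the comment should state which of those is intended, for example `/* inherited by forked children; runs only in processes that call exit() */`. main's body continues outside the hunk.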
diff -up openssh-5.3p1/ssh-keygen.c.randclean openssh-5.3p1/ssh-keygen.c
--- openssh-5.3p1/ssh-keygen.c.randclean	2010-01-20 19:13:29.000000000 +0100
+++ openssh-5.3p1/ssh-keygen.c	2010-01-20 19:13:29.000000000 +0100
@@ -19,6 +19,7 @@
 #include <sys/stat.h>
 #include <sys/param.h>
 
+#include <openssl/rand.h>
 #include <openssl/evp.h>
 #include <openssl/pem.h>
 #include <openssl/fips.h>
@@ -1120,6 +1121,9 @@ main(int argc, char **argv)
 	extern int optind;
 	extern char *optarg;
 
+	/* clean the PRNG status when exiting the program */
+	atexit(RAND_cleanup);
+
 	/* Ensure that fds 0, 1 and 2 are open or directed to /dev/null */
 	sanitise_stdfd();
 
diff -up openssh-5.3p1/ssh-keyscan.c.randclean openssh-5.3p1/ssh-keyscan.c
--- openssh-5.3p1/ssh-keyscan.c.randclean	2009-01-28 06:31:23.000000000 +0100
+++ openssh-5.3p1/ssh-keyscan.c	2010-01-20 19:21:16.000000000 +0100
@@ -18,6 +18,7 @@
 #include <netinet/in.h>
 #include <arpa/inet.h>
 
+#include <openssl/rand.h>
 #include <openssl/bn.h>
 
 #include <netdb.h>
@@ -730,6 +731,9 @@ main(int argc, char **argv)
 	extern int optind;
 	extern char *optarg;
 
+	/* clean the PRNG status when exiting the program */
+	atexit(RAND_cleanup);
+
 	__progname = ssh_get_progname(argv[0]);
 	init_rng();
 	seed_rng();
diff -up openssh-5.3p1/ssh-keysign.c.randclean openssh-5.3p1/ssh-keysign.c
--- openssh-5.3p1/ssh-keysign.c.randclean	2006-09-01 07:38:37.000000000 +0200
+++ openssh-5.3p1/ssh-keysign.c	2010-01-20 19:13:29.000000000 +0100
@@ -158,6 +158,9 @@ main(int argc, char **argv)
 	u_int slen, dlen;
 	u_int32_t rnd[256];
 
+	/* clean the PRNG status when exiting the program */
+	atexit(RAND_cleanup);
+
 	/* Ensure that stdin and stdout are connected */
 	if ((fd = open(_PATH_DEVNULL, O_RDWR)) < 2)
 		exit(1);


Index: openssh.spec
===================================================================
RCS file: /cvs/pkgs/rpms/openssh/F-12/openssh.spec,v
retrieving revision 1.177
retrieving revision 1.178
diff -u -p -r1.177 -r1.178
--- openssh.spec	19 Jan 2010 09:24:07 -0000	1.177
+++ openssh.spec	20 Jan 2010 19:12:59 -0000	1.178
@@ -69,7 +69,7 @@
 Summary: An open source implementation of SSH protocol versions 1 and 2
 Name: openssh
 Version: 5.3p1
-Release: 15%{?dist}%{?rescue_rel}
+Release: 16%{?dist}%{?rescue_rel}
 URL: http://www.openssh.com/portable.html
 #URL1: http://pamsshauth.sourceforge.net
 #Source0: ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-%{version}.tar.gz
@@ -109,6 +109,7 @@ Patch69: openssh-5.3p1-selabel.patch
 Patch71: openssh-5.2p1-edns.patch
 Patch72: openssh-5.3p1-pka.patch
 Patch73: openssh-5.3p1-gsskex.patch
+Patch74: openssh-5.3p1-randclean.patch
 
 License: BSD
 Group: Applications/Internet
@@ -266,6 +267,7 @@ popd
 %patch71 -p1 -b .edns
 %patch72 -p1 -b .pka
 %patch73 -p1 -b .gsskex
+%patch74 -p1 -b .randclean
 
 autoreconf
 
@@ -525,6 +527,9 @@ fi
 %endif
 
 %changelog
+* Wed Jan 20 2010 Jan F. Chadima <jchadima at redhat.com> - 5.3p1-16
+- add RAND_cleanup at the exit of each program using RAND (#557166)
+
 * Tue Jan 19 2010 Jan F. Chadima <jchadima at redhat.com> - 5.3p1-15
 - set FD_CLOEXEC on accepted socket (#541809)
 


