On Sun, Jan 1, 2012 at 17:52:21 +0000, Nicholas Bamber wrote: > Julien, > The attached file is a debdiff for 1.4.03-1.1 -> 1.4.03-1.2. I have not > run an FTBS test on it but I wanted to know if I was on the right lines. > Looks basically ok, there's a couple oddities but I guess they're that way upstream? > diff -u maradns-1.4.03/debian/copyright maradns-1.4.03/debian/copyright > --- maradns-1.4.03/debian/copyright > +++ maradns-1.4.03/debian/copyright > @@ -4,7 +4,7 @@ > > Files: * > Copyright: > - (C) 2002-2010 Sam Trenholme <maradns@gmail.com> > + (C) 2002-2011 Sam Trenholme <maradns@gmail.com> > License: BSD license > > Files: debian/* > diff -u maradns-1.4.03/debian/changelog maradns-1.4.03/debian/changelog > --- maradns-1.4.03/debian/changelog > +++ maradns-1.4.03/debian/changelog > @@ -1,3 +1,9 @@ > +maradns (1.4.03-1.2) stable; urgency=low > + > + * Applied patch to ensure adequate entropy (Closes: #653838) > + > + -- Nicholas Bamber <nicholas@periapt.co.uk> Sun, 01 Jan 2012 16:29:53 +0000 > + > maradns (1.4.03-1.1) unstable; urgency=high > > * Non-maintainer upload by the Security Team > only in patch2: > unchanged: > --- maradns-1.4.03.orig/server/MaraDNS.c > +++ maradns-1.4.03/server/MaraDNS.c > @@ -3933,6 +3933,24 @@ > int recurse_number_ports = 4096; > #endif > > + /* First order of business: Initialize the hash */ > + if(mhash_set_add_constant( > +#ifdef MINGW32 > + "secret.txt" > +#else > + "/dev/urandom" > +#endif > + ) != 1) { > + printf( > +#ifdef MINGW32 > + "Fatal error opening secret.txt" > +#else > + "Fatal error opening /dev/urandom" > +#endif Shouldn't that go to stderr? > + ); > + return 32; > + } > + > memset(&client,0,sizeof(client)); /* Initialize ya variables */ > clin = (struct sockaddr_in *)&client; > #ifdef AUTHONLY > only in patch2: > unchanged: > --- maradns-1.4.03.orig/libs/MaraHash.c > +++ maradns-1.4.03/libs/MaraHash.c 
> @@ -1,4 +1,4 @@ > -/* Copyright (c) 2006 Sam Trenholme > +/* Copyright (c) 2006,2011 Sam Trenholme > * > * TERMS > * > @@ -32,6 +32,7 @@ > #include "JsStr.h" > #endif > #include "MaraHash.h" > +#include <stdio.h> > > /* Masks to limit the size of the hash */ > /* These are powers of two, minus one */ > @@ -41,6 +42,8 @@ > 16777215, 33554431, 67108863, 134217727, > 268435455, 536870911, 1073741823 }; > > +mhash_offset mhash_secret_add_constant = 7; > + > /* Create a new, blank mhash object > input: none > output: pointer to the object in quesiton on success, NULL (0) > @@ -100,6 +103,7 @@ > /* Simple enough hash */ > while(point < max) { > ret += (mhash_offset)(*point << shift); > + ret += mhash_secret_add_constant; odd indent. > shift += 7; > shift %= hash_bits; > point++; > @@ -684,3 +688,23 @@ > return tuple->tuple_list[element]; > } > > +/* Read four bytes from a filename and use that as a secret add constant */ > +int mhash_set_add_constant(char *filename) { > + FILE *read = 0; and odd choice of variable name. > + > + read = fopen(filename,"rb"); > + if(read == NULL) { > + return -1; > + } > + > + mhash_secret_add_constant ^= getc(read); > + mhash_secret_add_constant <<= 8; > + mhash_secret_add_constant ^= getc(read); > + mhash_secret_add_constant <<= 8; > + mhash_secret_add_constant ^= getc(read); > + mhash_secret_add_constant <<= 7; > + mhash_secret_add_constant ^= getc(read); > + fclose(read); > + return 1; > +} > + > only in patch2: > unchanged: > --- maradns-1.4.03.orig/libs/functions_MaraHash.h > +++ maradns-1.4.03/libs/functions_MaraHash.h > @@ -39,3 +39,5 @@ > */ > void *mhash_undef(mhash *hash, js_string *key); > > +/* Read four bytes from a filename and use that as a secret add constant */ > +int mhash_set_add_constant(char *filename); Cheers, Julien
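Review bot: in the server/MaraDNS.c hunk (@@ -3933,6 +3933,24 @@), both strings passed to printf() have no trailing newline, in addition to going to stdout rather than stderr. Suggest fprintf(stderr, "Fatal error opening /dev/urandom\n") and the same for the secret.txt branch. The caller also treats every result other than 1 as "error opening", which matches mhash_set_add_constant() as written (it returns -1 only when fopen() fails) but would mislabel a short read if that function later starts reporting one.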
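Review bot: in the libs/MaraHash.c hunk at @@ -41,6 +42,8 @@, mhash_secret_add_constant is a non-static global that starts at the fixed value 7, and the only call to mhash_set_add_constant() added by this debdiff is the one in server/MaraDNS.c. Any other program built from libs/MaraHash.c that never makes that call keeps hashing with the known constant 7, so it is worth checking which binaries link this file and either seeding them as well or noting why they do not need it. If nothing outside MaraHash.c has to write the variable, making it static would keep it from being changed elsewhere.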
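Review bot: in the libs/MaraHash.c hunk at @@ -100,6 +103,7 @@, the new line "ret += mhash_secret_add_constant;" adds the same value on every iteration regardless of the byte being hashed, so as far as these lines show the result is the old sum plus (key length times the constant). Two keys of equal length that produced the same sum before the patch still produce the same value after it, and because the masks are powers of two minus one the same holds after masking. The secret therefore shifts bucket positions but does not change which equal-length keys collide; mixing the secret into the data-dependent step, so that it interacts with each byte and the running state, would be needed for that. A short comment next to the line stating what property the constant is meant to provide would also help.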
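Review bot: in the libs/MaraHash.c hunk at @@ -684,3 +688,23 @@, none of the four getc(read) results in mhash_set_add_constant() is checked for EOF, so a file shorter than four bytes (possible for secret.txt on MINGW32) or a read error yields a constant built from EOF values while the function still returns 1. Suggest reading each byte into an int, and on EOF calling fclose(read) and returning -1 so the caller's fatal-error path is taken. The third shift is "<<= 7" while the first two are "<<= 8", which makes the last two bytes overlap by one bit; if that is deliberate it deserves a comment, otherwise it looks like a typo. The parameter could also be const char *filename here and in functions_MaraHash.h, since both callers pass string literals.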