Julien,

The attached file is a debdiff for 1.4.03-1.1 -> 1.4.03-1.2. I have not run an FTBFS test on it but I wanted to know if I was on the right lines.
On 31/12/11 15:00, Julien Cristau wrote:
> On Sat, Dec 31, 2011 at 14:30:04 +0000, Nicholas Bamber wrote:
>
>> As per the attached email, I wonder if you would be interested in point
>> releases for the old versions of maradns to fix #653838 and what the
>> relevant timescales would be.
>>
> Yes. The next (and last) lenny point release is planned for late
> February or early March, and the next squeeze point release should be in
> the second half of January. Packages would have to be uploaded and
> accepted at least a week in advance.
>
> Please send source debdiffs for both lenny and squeeze to the d-release
> list so they can be reviewed in advance of an upload.
>
>> There is also the question of unarchiving and fixing #584587 in the
>> lenny version whilst we still have the chance.
>
> That'd depend on the actual diff, what would that look like?
>
> Cheers,
> Julien

-- 
Nicholas Bamber | http://www.periapt.co.uk/
PGP key 3BFFE73C from pgp.mit.edu
diff -u maradns-1.4.03/debian/copyright maradns-1.4.03/debian/copyright --- maradns-1.4.03/debian/copyright +++ maradns-1.4.03/debian/copyright @@ -4,7 +4,7 @@ Files: * Copyright: - (C) 2002-2010 Sam Trenholme <mara...@gmail.com> + (C) 2002-2011 Sam Trenholme <mara...@gmail.com> License: BSD license Files: debian/* diff -u maradns-1.4.03/debian/changelog maradns-1.4.03/debian/changelog --- maradns-1.4.03/debian/changelog +++ maradns-1.4.03/debian/changelog @@ -1,3 +1,9 @@ +maradns (1.4.03-1.2) stable; urgency=low + + * Applied patch to ensure adequate entropy (Closes: #653838) + + -- Nicholas Bamber <nicho...@periapt.co.uk> Sun, 01 Jan 2012 16:29:53 +0000 + maradns (1.4.03-1.1) unstable; urgency=high * Non-maintainer upload by the Security Team only in patch2: unchanged: --- maradns-1.4.03.orig/server/MaraDNS.c +++ maradns-1.4.03/server/MaraDNS.c @@ -3933,6 +3933,24 @@ int recurse_number_ports = 4096; #endif + /* First order of business: Initialize the hash */ + if(mhash_set_add_constant( +#ifdef MINGW32 + "secret.txt" +#else + "/dev/urandom" +#endif + ) != 1) { + printf( +#ifdef MINGW32 + "Fatal error opening secret.txt" +#else + "Fatal error opening /dev/urandom" +#endif + ); + return 32; + } + memset(&client,0,sizeof(client)); /* Initialize ya variables */ clin = (struct sockaddr_in *)&client; #ifdef AUTHONLY only in patch2: unchanged: --- maradns-1.4.03.orig/libs/MaraHash.c +++ maradns-1.4.03/libs/MaraHash.c @@ -1,4 +1,4 @@ -/* Copyright (c) 2006 Sam Trenholme +/* Copyright (c) 2006,2011 Sam Trenholme * * TERMS * @@ -32,6 +32,7 @@ #include "JsStr.h" #endif #include "MaraHash.h" +#include <stdio.h> /* Masks to limit the size of the hash */ /* These are powers of two, minus one */ @@ -41,6 +42,8 @@ 16777215, 33554431, 67108863, 134217727, 268435455, 536870911, 1073741823 }; +mhash_offset mhash_secret_add_constant = 7; + /* Create a new, blank mhash object input: none output: pointer to the object in quesiton on success, NULL (0) 
@@ -100,6 +103,7 @@ /* Simple enough hash */ while(point < max) { ret += (mhash_offset)(*point << shift); + ret += mhash_secret_add_constant; shift += 7; shift %= hash_bits; point++; @@ -684,3 +688,23 @@ return tuple->tuple_list[element]; } +/* Read four bytes from a filename and use that as a secret add constant */ +int mhash_set_add_constant(char *filename) { + FILE *read = 0; + + read = fopen(filename,"rb"); + if(read == NULL) { + return -1; + } + + mhash_secret_add_constant ^= getc(read); + mhash_secret_add_constant <<= 8; + mhash_secret_add_constant ^= getc(read); + mhash_secret_add_constant <<= 8; + mhash_secret_add_constant ^= getc(read); + mhash_secret_add_constant <<= 7; + mhash_secret_add_constant ^= getc(read); + fclose(read); + return 1; +} + only in patch2: unchanged: --- maradns-1.4.03.orig/libs/functions_MaraHash.h +++ maradns-1.4.03/libs/functions_MaraHash.h @@ -39,3 +39,5 @@ */ void *mhash_undef(mhash *hash, js_string *key); +/* Read four bytes from a filename and use that as a secret add constant */ +int mhash_set_add_constant(char *filename);
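Review bot: The new debian/changelog entry "Applied patch to ensure adequate entropy" does not say what was changed or where. Suggest naming the mechanism, i.e. that the hash in libs/MaraHash.c now adds a secret constant read from /dev/urandom at startup in server/MaraDNS.c, so a reader of the changelog can tell which code path the fix for #653838 touches.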
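Review bot: In the server/MaraDNS.c hunk the failure message is emitted with printf, so it goes to stdout and has no trailing newline before the function returns 32. Suggest writing it to stderr with a newline. The MINGW32 branch opens "secret.txt" by a relative name, and nothing in the visible lines says how that file is created, what it must contain, or which directory it is resolved against; that needs documenting alongside the change.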
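Review bot: In the libs/MaraHash.c hunk at @@ -41, mhash_secret_add_constant is defined with external linkage and a fixed initial value of 7. Any program that links this file and does not call mhash_set_add_constant() runs the hash with that known constant; only server/MaraDNS.c is changed to call it in this diff. Suggest making the variable static to MaraHash.c and checking that every other user of the mhash code initialises it as well.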
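Review bot: In the hash loop at @@ -100, `ret += mhash_secret_add_constant;` adds the same value once per input byte, so the secret's total contribution is the key length times the constant and does not depend on the key's content. Two keys of equal length that produced the same hash value before this change still produce the same value after it, because both gain the identical offset before the mask is applied. If the goal of #653838 is that an outside party cannot predict which keys share a bucket, the secret has to be combined with the data so that its effect differs per key (a keyed hash rather than an additive offset); as written it only relocates the buckets.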
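Review bot: In mhash_set_add_constant() (the hunk at @@ -684) none of the four getc(read) results is checked, so on a short or unreadable file EOF is XORed into the constant as if it were data and the function still returns 1. Suggest reading the four bytes with a checked fread, or testing each getc for EOF, and returning -1 on a short read. The last shift is `<<= 7` where the two before it are `<<= 8`; if that is intentional it needs a comment, otherwise the third and fourth bytes overlap by one bit. The local `FILE *read` also shares its name with the POSIX read() function and would be clearer renamed.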
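Review bot: The comment added in libs/functions_MaraHash.h does not document the return values, although the caller in server/MaraDNS.c depends on the `!= 1` test. Suggest stating that the function returns 1 on success and -1 when the file cannot be opened, as the definition in MaraHash.c does. The parameter could also be `const char *filename`, since the function only passes it to fopen and both call sites pass string literals.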