On 2015/09/21 14:59, Patrik Lundin wrote: > Hello, > > Looking around I noticed NetBSD and Debian had a few (somewhat > different) fixes for the softhsm tool creating some sensitive files with > too wide permissions. > > This has been handled upstream in SOFTHSM-101: > https://issues.opendnssec.org/browse/SOFTHSM-101 > > It was merged to the development branch in git commit > e853dc5b34d00a09e3e114cb4914b06c01c72b1c. > > I have exported the diff using the following URL: > https://github.com/opendnssec/SoftHSMv1/commit/e853dc5b34d00a09e3e114cb4914b06c01c72b1c.diff > > After removing the part modifying NEWS I applied the diff using > patch(1): > === > # patch -p1 -i e853dc5b34d00a09e3e114cb4914b06c01c72b1c.diff > === > > I have verified that this makes the files created by softhsm --export as > well has softhsm-keyconv have 0600 permissions. > > See below for diff against the port which also adds REVISION=0 to the > Makefile.
Thanks, committed. I added comments to patches with the headers from https://github.com/opendnssec/SoftHSMv1/commit/e853dc5b34d00a09e3e114cb4914b06c01c72b1c.patch