head 1.1; access; symbols pkgsrc-2026Q1:1.1.0.92 pkgsrc-2026Q1-base:1.1 pkgsrc-2025Q4:1.1.0.90 pkgsrc-2025Q4-base:1.1 pkgsrc-2025Q3:1.1.0.88 pkgsrc-2025Q3-base:1.1 pkgsrc-2025Q2:1.1.0.86 pkgsrc-2025Q2-base:1.1 pkgsrc-2025Q1:1.1.0.84 pkgsrc-2025Q1-base:1.1 pkgsrc-2024Q4:1.1.0.82 pkgsrc-2024Q4-base:1.1 pkgsrc-2024Q3:1.1.0.80 pkgsrc-2024Q3-base:1.1 pkgsrc-2024Q2:1.1.0.78 pkgsrc-2024Q2-base:1.1 pkgsrc-2024Q1:1.1.0.76 pkgsrc-2024Q1-base:1.1 pkgsrc-2023Q4:1.1.0.74 pkgsrc-2023Q4-base:1.1 pkgsrc-2023Q3:1.1.0.72 pkgsrc-2023Q3-base:1.1 pkgsrc-2023Q2:1.1.0.70 pkgsrc-2023Q2-base:1.1 pkgsrc-2023Q1:1.1.0.68 pkgsrc-2023Q1-base:1.1 pkgsrc-2022Q4:1.1.0.66 pkgsrc-2022Q4-base:1.1 pkgsrc-2022Q3:1.1.0.64 pkgsrc-2022Q3-base:1.1 pkgsrc-2022Q2:1.1.0.62 pkgsrc-2022Q2-base:1.1 pkgsrc-2022Q1:1.1.0.60 pkgsrc-2022Q1-base:1.1 pkgsrc-2021Q4:1.1.0.58 pkgsrc-2021Q4-base:1.1 pkgsrc-2021Q3:1.1.0.56 pkgsrc-2021Q3-base:1.1 pkgsrc-2021Q2:1.1.0.54 pkgsrc-2021Q2-base:1.1 pkgsrc-2021Q1:1.1.0.52 pkgsrc-2021Q1-base:1.1 pkgsrc-2020Q4:1.1.0.50 pkgsrc-2020Q4-base:1.1 pkgsrc-2020Q3:1.1.0.48 pkgsrc-2020Q3-base:1.1 pkgsrc-2020Q2:1.1.0.44 pkgsrc-2020Q2-base:1.1 pkgsrc-2020Q1:1.1.0.24 pkgsrc-2020Q1-base:1.1 pkgsrc-2019Q4:1.1.0.46 pkgsrc-2019Q4-base:1.1 pkgsrc-2019Q3:1.1.0.42 pkgsrc-2019Q3-base:1.1 pkgsrc-2019Q2:1.1.0.40 pkgsrc-2019Q2-base:1.1 pkgsrc-2019Q1:1.1.0.38 pkgsrc-2019Q1-base:1.1 pkgsrc-2018Q4:1.1.0.36 pkgsrc-2018Q4-base:1.1 pkgsrc-2018Q3:1.1.0.34 pkgsrc-2018Q3-base:1.1 pkgsrc-2018Q2:1.1.0.32 pkgsrc-2018Q2-base:1.1 pkgsrc-2018Q1:1.1.0.30 pkgsrc-2018Q1-base:1.1 pkgsrc-2017Q4:1.1.0.28 pkgsrc-2017Q4-base:1.1 pkgsrc-2017Q3:1.1.0.26 pkgsrc-2017Q3-base:1.1 pkgsrc-2017Q2:1.1.0.22 pkgsrc-2017Q2-base:1.1 pkgsrc-2017Q1:1.1.0.20 pkgsrc-2017Q1-base:1.1 pkgsrc-2016Q4:1.1.0.18 pkgsrc-2016Q4-base:1.1 pkgsrc-2016Q3:1.1.0.16 pkgsrc-2016Q3-base:1.1 pkgsrc-2016Q2:1.1.0.14 pkgsrc-2016Q2-base:1.1 pkgsrc-2016Q1:1.1.0.12 pkgsrc-2016Q1-base:1.1 pkgsrc-2015Q4:1.1.0.10 pkgsrc-2015Q4-base:1.1 pkgsrc-2015Q3:1.1.0.8 pkgsrc-2015Q3-base:1.1 pkgsrc-2015Q2:1.1.0.6 pkgsrc-2015Q2-base:1.1 pkgsrc-2015Q1:1.1.0.4 pkgsrc-2015Q1-base:1.1 pkgsrc-2014Q4:1.1.0.2 pkgsrc-2014Q4-base:1.1; locks; strict; comment @// @; 1.1 date 2014.11.18.13.40.57; author he; state Exp; branches; next ; commitid dY1mkGx2TgloDFYx; desc @@ 1.1 log @Adapt a fix for SA59651, similar to CVE-2014-3209 from the code branch fro SoftHSMv2: ensure created pkcs8 file is not group- or world-readable. Rename patch-aa to patch-Makefile.in, and add a comment. Bump PKGREVISION. @ text @$NetBSD$ Adapt fix for SA59651, similar to CVE-2014-3209, from https://github.com/bellgrim/SoftHSMv2/commit/492447cd4a2be449e99fb9ad2519ea3277aaad28 Ensure created pkcs8 file is not group- or world-readable. --- src/bin/softhsm-keyconv.cpp.orig 2014-05-28 05:59:14.000000000 +0000 +++ src/bin/softhsm-keyconv.cpp @@@@ -48,6 +48,10 @@@@ #include #include #include +#include +#include +#include +#include void usage() { printf("Converting between BIND .private-key format and PKCS#8 key file format.\n"); @@@@ -391,6 +395,15 @@@@ int to_pkcs8(char *in_path, char *out_pa return 1; } + // Create and set file permissions if the file does not exist. + int fd = open(out_path, O_CREAT, S_IRUSR | S_IWUSR); + if (fd == -1) { + fprintf(stderr, "ERROR: Could not open the output file: %s (errno %i)\n", + out_path, errno); + return 1; + } + ::close(fd); + // Save the the key to the disk switch(algorithm) { case DNS_KEYALG_ERROR: @