pool/haveged
SHA256
4
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Accepting request 53806 from security

Browse Source 
Accepted submit request 53806 from user elvigia

OBS-URL: https://build.opensuse.org/request/show/53806
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/haveged?expand=0&rev=6
This commit is contained in:
Ruediger Oertel 2010-11-24 09:46:06 +00:00 committed by Git OBS Bridge
commit 099a9adc8d
6 changed files with 14 additions and 137 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

68
haveged-0.9-cloexec.patch
View File

@ -1,68 +0,0 @@
Index: src/haveged.c
===================================================================
--- src/haveged.c.orig 2009-09-02 18:58:14.000000000 +0200
+++ src/haveged.c 2010-07-26 17:14:35.334236000 +0200
@@ -83,7 +83,7 @@ void daemonize(struct hperf *perf)
signal(SIGTERM, tidy_exit);
if (daemon(0, 0) == -1)
error_exit("Cannot fork into the background");
- fh = fopen(params->pid_file, "w");
+ fh = fopen(params->pid_file, "we");
if (!fh)
error_exit("Couldn't open PID file \"%s\" for writing: %m.", params->pid_file);
fprintf(fh, "%i", getpid());
@@ -147,12 +147,12 @@ int get_poolsize()
int max_bits,major,minor;
if (params->run_level==0) {
- poolsize_fh = fopen(params->poolsize, "rb");
+ poolsize_fh = fopen(params->poolsize, "rbe");
if (poolsize_fh) {
if (fscanf(poolsize_fh, "%d", &max_bits)!=1)
max_bits = -1;
fclose(poolsize_fh);
- osrel_fh = fopen(params->os_rel, "rb");
+ osrel_fh = fopen(params->os_rel, "rbe");
if (osrel_fh) {
if (fscanf(osrel_fh,"%d.%d", &major, &minor)<2)
major = minor = 0;
@@ -263,7 +263,7 @@ void run(int poolsize, struct rand_pool_
daemonize(perf);
if (params->low_water>0)
set_watermark(params->low_water);
- random_fd = open(params->random_device, O_RDWR);
+ random_fd = open(params->random_device, O_RDWR | O_CLOEXEC);
if (random_fd == -1)
error_exit("Couldn't open random device: %m");
break;
@@ -272,7 +272,7 @@ void run(int poolsize, struct rand_pool_
return;
default:
ct = params->sample_size*1024;
- if (!(fout = fopen (params->sample_out, "wb")))
+ if (!(fout = fopen (params->sample_out, "wbe")))
error_exit("Cannot open file <%s> for writing.\n", params->sample_out);
fprintf(stderr, "Writing %d byte sample\n",ct);
}
@@ -334,7 +334,7 @@ void set_watermark(int level)
{
FILE *wm_fh;
- wm_fh = fopen(params->watermark, "w");
+ wm_fh = fopen(params->watermark, "we");
if (wm_fh) {
fprintf(wm_fh, "%d\n", level);
fclose(wm_fh);
Index: configure.ac
===================================================================
--- configure.ac.orig 2009-09-02 01:22:33.000000000 +0200
+++ configure.ac 2010-07-26 17:20:58.745701000 +0200
@@ -8,7 +8,7 @@ AC_CONFIG_AUX_DIR(config)
AC_CONFIG_HEADER([config.h])
AM_INIT_AUTOMAKE
AC_CONFIG_SRCDIR([/src/haveged.c])
-
+AC_USE_SYSTEM_EXTENSIONS
## Make nist self-test configurable
AC_ARG_ENABLE(nistest, AS_HELP_STRING([--enable-nistest=[no/yes]],[Run NIST test suite [default=no]]),, enable_nistest="no")
if test "x$enable_nistest" = "xyes"; then

3
haveged-0.9.tar.bz2
View File

@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:b94fdb1c0891aaf8b7a00faa0b426e1a6c93a0665c60cd8db510ca4d87ea834d
size 166681

3
haveged-0.9_git201011232331.tar.xz Normal file
View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:f92960e729d5e533b752556dbc8b345be713e12cda71b355cd34f5a9925a2e1b
size 77808

58
haveged-capabilties.patch
View File

@ -1,58 +0,0 @@
--- configure.ac.orig 2010-09-24 18:13:42.282707000 +0200
+++ configure.ac 2010-09-24 18:13:42.311704000 +0200
@@ -68,7 +68,7 @@ AC_FUNC_MALLOC
AC_FUNC_SELECT_ARGTYPES
AC_TYPE_SIGNAL
AC_CHECK_FUNCS([floor gettimeofday memset pow select sqrt])
-
+LIBCAP_NG_PATH
# Sets hardware depedent define for the build
AC_SUBST(HA_CPPFLAGS,$HA_CPPFLAGS)
--- src/Makefile.am.orig 2009-09-01 22:45:25.000000000 +0200
+++ src/Makefile.am 2010-09-24 18:13:42.319719000 +0200
@@ -4,5 +4,5 @@ AM_CFLAGS=-Wall
AM_CPPFLAGS = @HA_CPPFLAGS@
haveged_SOURCES = haveged.c havege.c havegedef.h haveged.h havege.h oneiteration.h loopbody.h
-
+haveged_LDADD = @CAPNG_LDADD@
MAINTAINERCLEANFILES = Makefile.in
--- src/haveged.c.orig 2010-09-24 18:13:42.276714000 +0200
+++ src/haveged.c 2010-09-24 18:14:41.605757000 +0200
@@ -16,6 +16,11 @@
** You should have received a copy of the GNU General Public License
** along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
+
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
#include <stdlib.h>
#include <stdio.h>
#include <math.h>
@@ -37,6 +42,10 @@
#include <linux/random.h>
#include <errno.h>
+#ifdef HAVE_LIBCAP_NG
+#include <cap-ng.h>
+#endif
+
#include "havege.h"
/**
* Parameters
@@ -170,6 +179,12 @@ int get_poolsize()
*/
int main(int argc, char **argv)
{
+#ifdef HAVE_LIBCAP_NG
+ /* Drop capabilities */
+ capng_clear(CAPNG_SELECT_BOTH);
+ capng_update(CAPNG_ADD, CAPNG_EFFECTIVE|CAPNG_PERMITTED, CAP_SYS_ADMIN);
+ capng_apply(CAPNG_SELECT_BOTH);
+#endif
static const char* cmds[] = {
"d", "data", "1", "Data cache size [KB]",
"i", "inst", "1", "Instruction cache size [KB]",

8
haveged.changes
View File

@ -1,3 +1,11 @@
-------------------------------------------------------------------
Tue Nov 23 23:37:48 UTC 2010 - cristian.rodriguez@opensuse.org
- Fix optimization problem, actually a bug in inline asm
code. avoid using it, instead try hard to use either
GCC builtins or properly corrected inline asm.
Thanks Richard for pointing to the right solution.
------------------------------------------------------------------- -------------------------------------------------------------------
Sat Nov 6 00:00:24 UTC 2010 - aj@suse.de Sat Nov 6 00:00:24 UTC 2010 - aj@suse.de

11
haveged.spec
View File

@ -18,22 +18,20 @@
Name: haveged Name: haveged
Version: 0.9 Version: 0.9_git201011232331
Release: 3 Release: 3
License: GPLv3 License: GPLv3
Group: System/Daemons Group: System/Daemons
Summary: Feed entropy into random pool Summary: Feed entropy into random pool
Url: http://www.issihosts.com/haveged/ Url: http://www.issihosts.com/haveged/
Source0: http://www.issihosts.com/haveged/haveged-%{version}.tar.bz2 Source0: http://www.issihosts.com/haveged/haveged-%{version}.tar.xz
Source1: haveged.init Source1: haveged.init
Source2: haveged.service Source2: haveged.service
BuildRoot: %{_tmppath}/%{name}-%{version}-build BuildRoot: %{_tmppath}/%{name}-%{version}-build
Requires(pre): %insserv_prereq Requires(pre): %insserv_prereq
Requires(post): grep util-linux Requires(post): grep util-linux
Enhances: openssl gpg2 php5 apache2 openvpn smtp_daemon Enhances: openssl gpg2 php5 apache2 openvpn smtp_daemon
Patch: haveged-0.9-cloexec.patch BuildRequires: libcap-ng-devel lzma
Patch1: haveged-capabilties.patch
BuildRequires: libcap-ng-devel
%description %description
The haveged daemon feeds the linux entropy pool with random The haveged daemon feeds the linux entropy pool with random
@ -43,12 +41,9 @@ For more informations see http://www.issihosts.com/haveged/
%prep %prep
%setup -q %setup -q
%patch
%patch1
%build %build
autoreconf -fiv autoreconf -fiv
export CFLAGS="$RPM_OPT_FLAGS -O0"
export LDFLAGS="-Wl,-z,relro,-z,now" export LDFLAGS="-Wl,-z,relro,-z,now"
%configure --with-libcap-ng=yes --sbindir=/sbin --enable-nistest=yes %configure --with-libcap-ng=yes --sbindir=/sbin --enable-nistest=yes
make %{?smp_flags} make %{?smp_flags}