Accepting request 485757 from home:pgajdos

- security update: initialize random generator [bsc#934119] + libxslt-random-seed.patch OBS-URL: https://build.opensuse.org/request/show/485757 OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/libxslt?expand=0&rev=56
2017-04-05 08:47:16 +00:00 · 2017-04-05 08:47:16 +00:00 · 05583ee011
commit 05583ee011
parent 0e4141e559
3 changed files with 55 additions and 0 deletions
--- a/libxslt-random-seed.patch
+++ b/libxslt-random-seed.patch
@ -0,0 +1,47 @@
+commit 047a0fd99e64c554c4edf44cc67ee765b09af017
+Author: Marcus Meissner <meissner@suse.de>
+Date:   Tue Apr 4 16:27:39 2017 +0200
+
+    initialize the random seed
+
+diff --git a/libexslt/math.c b/libexslt/math.c
+index 6b24dbe0..b7a8d6e1 100644
+--- a/libexslt/math.c
+++ b/libexslt/math.c
+@@ -23,6 +23,14 @@
+ #ifdef HAVE_STDLIB_H
+ #include <stdlib.h>
+ #endif
+#ifdef HAVE_UNISTD_H
+#include <unistd.h>
+#endif
+#include <fcntl.h>
+#ifdef HAVE_TIME_H
+#include <time.h>
+#endif
+
+ 
+ #include "exslt.h"
+ 
+@@ -474,6 +482,20 @@ static double
+ exsltMathRandom (void) {
+     double ret;
+     int num;
+    long seed;
+    static int randinit = 0;
+
+    if (!randinit) {
+	int fd = open("/dev/urandom",O_RDONLY);
+
+	seed = time(NULL); /* just in case /dev/urandom is not there */
+	if (fd == -1) {
+		read (fd, &seed, sizeof(seed));
+		close (fd);
+	}
+	srand(seed);
+	randinit = 1;
+    }
+ 
+     num = rand();
+     ret = (double)num / (double)RAND_MAX;
+
--- a/libxslt.changes
+++ b/libxslt.changes
@ -1,3 +1,9 @@
+-------------------------------------------------------------------
+Wed Apr  5 07:46:27 UTC 2017 - pgajdos@suse.com
+
+- security update: initialize random generator [bsc#934119]
+  + libxslt-random-seed.patch 
+
 -------------------------------------------------------------------
 Mon Mar 13 12:43:04 UTC 2017 - pmonrealgonzalez@suse.com

--- a/libxslt.spec
+++ b/libxslt.spec
@ -32,6 +32,7 @@ Patch0:         %{name}-1.1.24-no-net-autobuild.patch
 Patch1:         libxslt-config-fixes.patch
 Patch2:         0009-Make-generate-id-deterministic.patch
 Patch3:         libxslt-CVE-2016-4738.patch
+Patch4:         libxslt-random-seed.patch
 BuildRequires:  libgcrypt-devel
 BuildRequires:  libgpg-error-devel
 BuildRequires:  libtool
@ -101,6 +102,7 @@ xtend the
 %patch1
 %patch2 -p1
 %patch3 -p1
+%patch4 -p1

 %build
 autoreconf -fvi