From 05583ee011013cfa14f947fcb5a869189eea8f128c208d50715b41e06decac4d Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Tom=C3=A1=C5=A1=20Chv=C3=A1tal?=
Date: Wed, 5 Apr 2017 08:47:16 +0000
Subject: [PATCH] Accepting request 485757 from home:pgajdos - security update: initialize random generator [bsc#934119] + libxslt-random-seed.patch
OBS-URL: https://build.opensuse.org/request/show/485757
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/libxslt?expand=0&rev=56
---
libxslt-random-seed.patch | 47 +++++++++++++++++++++++++++++++++++++++
libxslt.changes | 6 +++++
libxslt.spec | 2 ++
3 files changed, 55 insertions(+)
create mode 100644 libxslt-random-seed.patch
diff --git a/libxslt-random-seed.patch b/libxslt-random-seed.patch
new file mode 100644
index 0000000..f6b3659
--- /dev/null
+++ b/libxslt-random-seed.patch
@@ -0,0 +1,47 @@
+commit 047a0fd99e64c554c4edf44cc67ee765b09af017
+Author: Marcus Meissner
+Date: Tue Apr 4 16:27:39 2017 +0200
+
+ initialize the random seed
+
+diff --git a/libexslt/math.c b/libexslt/math.c
+index 6b24dbe0..b7a8d6e1 100644
+--- a/libexslt/math.c
++++ b/libexslt/math.c
+@@ -23,6 +23,14 @@
+ #ifdef HAVE_STDLIB_H
+ #include
+ #endif
++#ifdef HAVE_UNISTD_H
++#include
++#endif
++#include
++#ifdef HAVE_TIME_H
++#include
++#endif
++
+
+ #include "exslt.h"
+
+@@ -474,6 +482,20 @@ static double
+ exsltMathRandom (void) {
+ double ret;
+ int num;
++ long seed;
++ static int randinit = 0;
++
++ if (!randinit) {
++ int fd = open("/dev/urandom",O_RDONLY);
++
++ seed = time(NULL); /* just in case /dev/urandom is not there */
++ if (fd == -1) {
++ read (fd, &seed, sizeof(seed));
++ close (fd);
++ }
++ srand(seed);
++ randinit = 1;
++ }
+
+ num = rand();
+ ret = (double)num / (double)RAND_MAX;
+
diff --git a/libxslt.changes b/libxslt.changes
index c23eabe..cbdc356 100644
--- a/libxslt.changes
+++ b/libxslt.changes
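Review bot: The descriptor test in the seeding block added to exsltMathRandom (second inner hunk of libxslt-random-seed.patch) is inverted: `if (fd == -1)` enters the read()/close() branch only when open() failed, so a successfully opened /dev/urandom is never read and never closed, and the seed is always the `time(NULL)` fallback, which can be estimated from the process start time. The condition should be `if (fd != -1)`, and the read() result should be checked so that a short or failed read keeps the fallback, e.g. `if (read(fd, &seed, sizeof(seed)) != sizeof(seed)) seed = time(NULL);`. Separately, `srand(seed)` narrows the long to unsigned int and rand() is not a cryptographic generator, so a comment above the block stating that the output must not be relied on for unpredictable values would be worth adding. exsltMathRandom's body continues past the end of the inner hunk.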
@@ -1,3 +1,9 @@
+-------------------------------------------------------------------
+Wed Apr 5 07:46:27 UTC 2017 - pgajdos@suse.com
+
+- security update: initialize random generator [bsc#934119]
+ + libxslt-random-seed.patch
+
 -------------------------------------------------------------------
 Mon Mar 13 12:43:04 UTC 2017 - pmonrealgonzalez@suse.com
diff --git a/libxslt.spec b/libxslt.spec
index e54ca7b..27a0559 100644
--- a/libxslt.spec
+++ b/libxslt.spec
@@ -32,6 +32,7 @@ Patch0: %{name}-1.1.24-no-net-autobuild.patch
 Patch1: libxslt-config-fixes.patch
 Patch2: 0009-Make-generate-id-deterministic.patch
 Patch3: libxslt-CVE-2016-4738.patch
+Patch4: libxslt-random-seed.patch
 BuildRequires: libgcrypt-devel
 BuildRequires: libgpg-error-devel
 BuildRequires: libtool
@@ -101,6 +102,7 @@ xtend the
 %patch1
 %patch2 -p1
 %patch3 -p1
+%patch4 -p1
 %build
 autoreconf -fvi