Accepting request 486319 from devel:libraries:c_c++
1 OBS-URL: https://build.opensuse.org/request/show/486319 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/libxslt?expand=0&rev=50
This commit is contained in:
Git OBS Bridge
47
libxslt-random-seed.patch
Normal file
47
libxslt-random-seed.patch
Normal file
@@ -0,0 +1,47 @@
|
||||
commit 047a0fd99e64c554c4edf44cc67ee765b09af017
|
||||
Author: Marcus Meissner <meissner@suse.de>
|
||||
Date: Tue Apr 4 16:27:39 2017 +0200
|
||||
|
||||
initialize the random seed
|
||||
|
||||
diff --git a/libexslt/math.c b/libexslt/math.c
|
||||
index 6b24dbe0..b7a8d6e1 100644
|
||||
--- a/libexslt/math.c
|
||||
+++ b/libexslt/math.c
|
||||
@@ -23,6 +23,14 @@
|
||||
#ifdef HAVE_STDLIB_H
|
||||
#include <stdlib.h>
|
||||
#endif
|
||||
+#ifdef HAVE_UNISTD_H
|
||||
+#include <unistd.h>
|
||||
+#endif
|
||||
+#include <fcntl.h>
|
||||
+#ifdef HAVE_TIME_H
|
||||
+#include <time.h>
|
||||
+#endif
|
||||
+
|
||||
|
||||
#include "exslt.h"
|
||||
|
||||
@@ -474,6 +482,20 @@ static double
|
||||
exsltMathRandom (void) {
|
||||
double ret;
|
||||
int num;
|
||||
+ long seed;
|
||||
+ static int randinit = 0;
|
||||
+
|
||||
+ if (!randinit) {
|
||||
+ int fd = open("/dev/urandom",O_RDONLY);
|
||||
+
|
||||
+ seed = time(NULL); /* just in case /dev/urandom is not there */
|
||||
+ if (fd != -1) {
|
||||
+ read (fd, &seed, sizeof(seed));
|
||||
+ close (fd);
|
||||
+ }
|
||||
+ srand(seed);
|
||||
+ randinit = 1;
|
||||
+ }
|
||||
|
||||
num = rand();
|
||||
ret = (double)num / (double)RAND_MAX;
|
||||
|
||||
@@ -1,3 +1,10 @@
|
||||
-------------------------------------------------------------------
|
||||
Wed Apr 5 07:46:27 UTC 2017 - pgajdos@suse.com
|
||||
|
||||
- security update: initialize random generator, CVE-2015-9019
|
||||
[bsc#934119]
|
||||
+ libxslt-random-seed.patch
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Mon Mar 13 12:43:04 UTC 2017 - pmonrealgonzalez@suse.com
|
||||
|
||||
|
||||
@@ -32,6 +32,7 @@ Patch0: %{name}-1.1.24-no-net-autobuild.patch
|
||||
Patch1: libxslt-config-fixes.patch
|
||||
Patch2: 0009-Make-generate-id-deterministic.patch
|
||||
Patch3: libxslt-CVE-2016-4738.patch
|
||||
Patch4: libxslt-random-seed.patch
|
||||
BuildRequires: libgcrypt-devel
|
||||
BuildRequires: libgpg-error-devel
|
||||
BuildRequires: libtool
|
||||
@@ -101,6 +102,7 @@ xtend the
|
||||
%patch1
|
||||
%patch2 -p1
|
||||
%patch3 -p1
|
||||
%patch4 -p1
|
||||
|
||||
%build
|
||||
autoreconf -fvi
|
||||
|
||||
Reference in New Issue
Block a user