From 236f7df1ca94ff55c3d3930e0045bb30049032a3 Mon Sep 17 00:00:00 2001 From: xingwei Date: Thu, 1 Feb 2024 07:51:00 +0000 Subject: [PATCH] add haveged requires and optimize random number function replacement patch (cherry picked from commit 3500b496f7667536edaa38d580e664dc6a6c796c) --- ...-replace-random-with-RAND_priv_bytes.patch | 34 ++++++++++++------- yp-tools.spec | 10 ++++-- 2 files changed, 30 insertions(+), 14 deletions(-) diff --git a/fix-to-replace-random-with-RAND_priv_bytes.patch b/fix-to-replace-random-with-RAND_priv_bytes.patch index 824faed..4e920a6 100644 --- a/fix-to-replace-random-with-RAND_priv_bytes.patch +++ b/fix-to-replace-random-with-RAND_priv_bytes.patch @@ -1,14 +1,14 @@ -From 43974c5f3054c152cc424b16684829c19ae8dd6a Mon Sep 17 00:00:00 2001 -From: hwx1054416 -Date: Wed, 25 Aug 2021 17:35:39 +0800 +From ff6cffa3feaaee11b1a9d27a7eada02fbd9890da Mon Sep 17 00:00:00 2001 +From: xingwei +Date: Fri, 27 Aug 2021 17:27:24 +0800 Subject: [PATCH] replace random with RAND_priv_bytes --- - src/yppasswd.c | 15 +++++++++++++-- - 1 file changed, 13 insertions(+), 2 deletions(-) + src/yppasswd.c | 19 ++++++++++++++++--- + 1 file changed, 16 insertions(+), 3 deletions(-) diff --git a/src/yppasswd.c b/src/yppasswd.c -index 04d041b..15b25e3 100644 +index aa7c8a1..ae356ad 100644 --- a/src/yppasswd.c +++ b/src/yppasswd.c @@ -44,6 +44,7 @@ @@ -32,24 +32,34 @@ index 04d041b..15b25e3 100644 for (i = 0; i < num_chars; i++) { -@@ -529,7 +531,16 @@ create_random_salt (char *salt, int num_chars) +@@ -529,7 +531,18 @@ create_random_salt (char *salt, int num_chars) res = read (fd, &c, 1); if (res != 1) - c = random (); + { + while (!RAND_status ()) -+ RAND_seed (&buf, sizeof (buf)); ++ { ++ RAND_seed (&buf, sizeof (buf)); ++ } + if (RAND_priv_bytes (&buf, sizeof (buf)) != 1) + { -+ printf ( _("Failed to generate a number.\n")); -+ break; ++ printf ( _("Failed to generate a random number.\n")); ++ break; + } + c = buf; + } salt[i] = bin_to_ascii (c & 0x3f); } +@@ -571,7 +584,7 @@ main (int argc, char **argv) + { + char *s, *progname, *domainname = NULL, *user = NULL, *master = NULL; + int f_flag = 0, l_flag = 0, p_flag = 0, error, status; +- int hash_id = DES; ++ int hash_id = SHA_512; + char rounds[11] = "\0"; /* max length is '999999999$' */ + struct yppasswd yppwd; + struct passwd *pwd; -- -1.8.3.1 - +2.27.0 diff --git a/yp-tools.spec b/yp-tools.spec index b4c4e1a..a7538fe 100644 --- a/yp-tools.spec +++ b/yp-tools.spec @@ -2,7 +2,7 @@ Name: yp-tools Version: 4.2.3 -Release: 6 +Release: 7 Summary: Network Information Service (YP) client utilities License: GPLv2 URL: https://github.com/thkukuk/yp-tools @@ -15,7 +15,7 @@ Patch4: fix-to-replace-random-with-RAND_priv_bytes.patch BuildRequires: git autoconf automake libtool BuildRequires: gettext-devel libtirpc-devel libnsl2-devel openssl-devel -Requires: ypbind >= 3:2.4-2 glibc openssl-libs +Requires: ypbind >= 3:2.4-2 glibc openssl-libs haveged %description This package provides NIS client programs.NIS,Network Information @@ -55,6 +55,12 @@ export CFLAGS="$CFLAGS %{optflags} -Wno-cast-function-type -lcrypto" %{_mandir}/*/* %changelog +* Thu Feb 01 2024 xingwei - 4.2.3-7 +- Type:bugfix +- CVE:NA +- SUG:NA +- DESC:add haveged requires and optimize random number function replacement patch + * Fri Jun 10 2022 gaihuiying - 4.2.3-6 - Type:bugfix - CVE:NA