From e61ad8934debbe2f52d7545725c79898bf9d34e0 Mon Sep 17 00:00:00 2001
From: eaglegai <eaglegai@163.com>
Date: Fri, 10 Jun 2022 11:13:14 +0800
Subject: [PATCH] replace random with RAND_priv_bytes

---
 ...-replace-random-with-RAND_priv_bytes.patch | 55 +++++++++++++++++++
 yp-tools.spec                                 | 15 +++--
 2 files changed, 66 insertions(+), 4 deletions(-)
 create mode 100644 fix-to-replace-random-with-RAND_priv_bytes.patch

diff --git a/fix-to-replace-random-with-RAND_priv_bytes.patch b/fix-to-replace-random-with-RAND_priv_bytes.patch
new file mode 100644
index 0000000..824faed
--- /dev/null
+++ b/fix-to-replace-random-with-RAND_priv_bytes.patch
@@ -0,0 +1,55 @@
+From 43974c5f3054c152cc424b16684829c19ae8dd6a Mon Sep 17 00:00:00 2001
+From: hwx1054416 <heyaohua1@huawei.com>
+Date: Wed, 25 Aug 2021 17:35:39 +0800
+Subject: [PATCH] replace random with RAND_priv_bytes
+
+---
+ src/yppasswd.c | 15 +++++++++++++--
+ 1 file changed, 13 insertions(+), 2 deletions(-)
+
+diff --git a/src/yppasswd.c b/src/yppasswd.c
+index 04d041b..15b25e3 100644
+--- a/src/yppasswd.c
++++ b/src/yppasswd.c
+@@ -44,6 +44,7 @@
+ #include <rpcsvc/yp_prot.h>
+ #include <rpcsvc/ypclnt.h>
+ #include <rpcsvc/yppasswd.h>
++#include <openssl/rand.h>
+ 
+ #ifndef _
+ #define _(String) gettext (String)
+@@ -517,10 +518,11 @@ create_random_salt (char *salt, int num_chars)
+ {
+   int fd;
+   unsigned char c;
++  unsigned char buf;
+   int i;
+   int res;
+ 
+-  fd = open ("/dev/urandom", O_RDONLY);
++  fd = open ("/dev/random", O_RDONLY);
+ 
+   for (i = 0; i < num_chars; i++)
+     {
+@@ -529,7 +531,16 @@ create_random_salt (char *salt, int num_chars)
+         res = read (fd, &c, 1);
+ 
+       if (res != 1)
+-        c = random ();
++        {
++             while (!RAND_status ())
++                  RAND_seed (&buf, sizeof (buf));
++             if (RAND_priv_bytes (&buf, sizeof (buf)) != 1)
++               {
++                    printf ( _("Failed to generate a number.\n"));
++                    break;
++               }
++             c = buf;
++        }
+ 
+       salt[i] = bin_to_ascii (c & 0x3f);
+     }
+-- 
+1.8.3.1
+
diff --git a/yp-tools.spec b/yp-tools.spec
index f734dd9..b4c4e1a 100644
--- a/yp-tools.spec
+++ b/yp-tools.spec
@@ -2,7 +2,7 @@
 
 Name:		yp-tools
 Version:	4.2.3
-Release:        5
+Release:        6
 Summary:	Network Information Service (YP) client utilities
 License:	GPLv2
 URL:		https://github.com/thkukuk/yp-tools
@@ -11,10 +11,11 @@ Patch0: 	yp-tools-2.12-hash.patch
 Patch1: 	yp-tools-2.12-crypt.patch
 Patch2: 	yp-tools-2.12-adjunct.patch
 Patch3: 	yp-tools-4.2.2-strict-prototypes.patch
+Patch4: 	fix-to-replace-random-with-RAND_priv_bytes.patch
 
 BuildRequires:	git autoconf automake libtool
-BuildRequires:  gettext-devel libtirpc-devel libnsl2-devel
-Requires:	ypbind >= 3:2.4-2 glibc
+BuildRequires:  gettext-devel libtirpc-devel libnsl2-devel openssl-devel
+Requires:	ypbind >= 3:2.4-2 glibc openssl-libs
 
 %description
 This package provides NIS client programs.NIS,Network Information
@@ -34,7 +35,7 @@ The help package contains doc files for yp-tools.
 autoreconf -ifv
 
 %build
-export CFLAGS="$CFLAGS %{optflags} -Wno-cast-function-type"
+export CFLAGS="$CFLAGS %{optflags} -Wno-cast-function-type -lcrypto"
 %configure --disable-domainname
 %make_build
 
@@ -54,6 +55,12 @@ export CFLAGS="$CFLAGS %{optflags} -Wno-cast-function-type"
 %{_mandir}/*/*
 
 %changelog
+* Fri Jun 10 2022 gaihuiying <eaglegai@163.com> - 4.2.3-6
+- Type:bugfix
+- CVE:NA
+- SUG:NA
+- DESC:replace random with RAND_priv_bytes
+
 * Tue Dec 15 2020 xihaochen <xihaochen@huawei.com> - 4.2.3-5
 - Type:requirement
 - ID:NA