rpms/nss
6
0
Fork 0
Code Issues Pull Requests Releases Activity

- upstream patches to avoid calling netstat for random data

Browse Source
This commit is contained in:
Kai Engert 2007-12-03 21:19:26 +00:00
parent 4746ec66a3
commit eded0595cb
2 changed files with 70 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

64
nss-unix_rand.patch Normal file
View File

@ -0,0 +1,64 @@
Index: mozilla/security/nss/lib/freebl/unix_rand.c
===================================================================
RCS file: /cvsroot/mozilla/security/nss/lib/freebl/unix_rand.c,v
retrieving revision 1.25
retrieving revision 1.28
diff -u -r1.25 -r1.28
--- mozilla/security/nss/lib/freebl/unix_rand.c 25 Jul 2007 22:54:35 -0000 1.25
+++ mozilla/security/nss/lib/freebl/unix_rand.c 3 Dec 2007 21:07:01 -0000 1.28
@@ -866,7 +866,8 @@
/* if the child hasn't exited, kill it -- we're done with its output */
while ((rv = waitpid(pid, &status, WNOHANG)) == -1 && errno == EINTR)
;
- if (rv == 0 && kill(pid, SIGKILL) == 0) {
+ if (rv == 0) {
+ kill(pid, SIGKILL);
while ((rv = waitpid(pid, &status, 0)) == -1 && errno == EINTR)
;
}
@@ -921,15 +922,6 @@
};
#endif
-#ifdef DO_PS
-For now it is considered that it is too expensive to run the ps command
-for the small amount of entropy it provides.
-#if defined(__sun) && (!defined(__svr4) && !defined(SVR4)) || defined(bsdi) || defined(LINUX)
- static char ps_cmd[] = "ps aux";
-#else
- static char ps_cmd[] = "ps -el";
-#endif
-#endif /* DO_PS */
#if defined(BSDI)
static char netstat_ni_cmd[] = "netstat -nis";
#else
@@ -980,9 +972,12 @@
* in a pthreads environment. Therefore, we call safe_popen last and on
* BSD/OS we do not call safe_popen when we succeeded in getting data
* from /dev/urandom.
+ *
+ * Bug 174993: LINUX provides /dev/urandom, don't fork netstat
+ * if data has been gathered successfully
*/
-#ifdef BSDI
+#if defined(BSDI) || defined(LINUX)
if (bytes)
return;
#endif
@@ -1010,15 +1005,6 @@
}
#endif
-#ifdef DO_PS
- fp = safe_popen(ps_cmd);
- if (fp != NULL) {
- while ((bytes = fread(buf, 1, sizeof(buf), fp)) > 0)
- RNG_RandomUpdate(buf, bytes);
- safe_pclose(fp);
- }
-#endif
-
#ifdef DO_NETSTAT
fp = safe_popen(netstat_ni_cmd);
if (fp != NULL) {

7
nss.spec
View File

@ -4,7 +4,7 @@
Summary: Network Security Services Summary: Network Security Services
Name: nss Name: nss
Version: 3.11.99.2 Version: 3.11.99.2
Release: 1%{?dist} Release: 2%{?dist}
License: MPLv1.1 or GPLv2+ or LGPLv2+ License: MPLv1.1 or GPLv2+ or LGPLv2+
URL: http://www.mozilla.org/projects/security/pki/nss/ URL: http://www.mozilla.org/projects/security/pki/nss/
Group: System Environment/Libraries Group: System Environment/Libraries
@ -30,6 +30,7 @@ Source12: %{name}-pem.tar.gz
Patch1: nss-no-rpath.patch Patch1: nss-no-rpath.patch
Patch2: nss-nolocalsql.patch Patch2: nss-nolocalsql.patch
Patch3: nss-unix_rand.patch
Patch6: nss-enable-pem.patch Patch6: nss-enable-pem.patch
Patch7: nss-create-obj.patch Patch7: nss-create-obj.patch
@ -86,6 +87,7 @@ low level services.
%patch1 -p0 %patch1 -p0
%patch2 -p0 %patch2 -p0
%patch3 -p0
%patch6 -p0 -b .libpem %patch6 -p0 -b .libpem
%patch7 -p0 -b .create-obj %patch7 -p0 -b .create-obj
@ -386,6 +388,9 @@ done
%changelog %changelog
* Mon Dec 03 2007 Kai Engert <kengert@redhat.com> - 3.11.99.2-2
- upstream patches to avoid calling netstat for random data
* Wed Nov 07 2007 Kai Engert <kengert@redhat.com> - 3.11.99.2-1 * Wed Nov 07 2007 Kai Engert <kengert@redhat.com> - 3.11.99.2-1
- NSS 3.12 alpha 2 - NSS 3.12 alpha 2