Update to the upstream v6.13 @d207e0b6
- Update to the upstream v6.13 + tip of origin/master + onecpu branch + revert of 2ce93190 (bz 1965318) - Rebuild rng-tools against the latest jitterentropy library 3.0.2-2.git.409828cf with fixes for an important issue - Adjust Source0 to a more proper one Resolves: rhbz#1965318 Signed-off-by: Vladis Dronov <vdronov@redhat.com>
This commit is contained in:
parent
0e48f2301e
commit
f225139b99
@ -1,45 +0,0 @@
|
|||||||
From 16b728f9a5bb138386fa770de817ec244a158be5 Mon Sep 17 00:00:00 2001
|
|
||||||
From: David Seifert <soap@gentoo.org>
|
|
||||||
Date: Sat, 12 Jun 2021 22:15:06 +0200
|
|
||||||
Subject: Use `AM_PROG_AR` over `AC_CHECK_TOOLS`
|
|
||||||
|
|
||||||
* `AM_PROG_AR` is the canonical way to detect the archiver
|
|
||||||
and includes workarounds for Cygwin.
|
|
||||||
|
|
||||||
Signed-off-by: Vladis Dronov <vdronov@redhat.com>
|
|
||||||
---
|
|
||||||
.gitignore | 1 +
|
|
||||||
configure.ac | 3 +--
|
|
||||||
2 files changed, 2 insertions(+), 2 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/.gitignore b/.gitignore
|
|
||||||
index 0df9347..5dc334d 100644
|
|
||||||
--- a/.gitignore
|
|
||||||
+++ b/.gitignore
|
|
||||||
@@ -2,6 +2,7 @@
|
|
||||||
*.o
|
|
||||||
/.deps/
|
|
||||||
/aclocal.m4
|
|
||||||
+/ar-lib
|
|
||||||
/autom4te.cache/
|
|
||||||
/compile
|
|
||||||
/config.guess
|
|
||||||
diff --git a/configure.ac b/configure.ac
|
|
||||||
index 5b4f2cb..1cb7fd7 100644
|
|
||||||
--- a/configure.ac
|
|
||||||
+++ b/configure.ac
|
|
||||||
@@ -62,10 +62,9 @@ AM_PROG_AS
|
|
||||||
dnl Checks for programs
|
|
||||||
AC_PROG_CC
|
|
||||||
AC_PROG_RANLIB
|
|
||||||
+AM_PROG_AR
|
|
||||||
AC_PROG_GCC_TRADITIONAL
|
|
||||||
|
|
||||||
-AC_CHECK_TOOLS([AR], [ar gar], :)
|
|
||||||
-
|
|
||||||
AX_PTHREAD
|
|
||||||
|
|
||||||
AM_CONDITIONAL([RDRAND], [test $target_cpu = x86_64 -o $target_cpu = i686])
|
|
||||||
--
|
|
||||||
2.26.3
|
|
||||||
|
|
@ -1,52 +0,0 @@
|
|||||||
From 3adf2613e262efbda0a3455e59c8cb3390271563 Mon Sep 17 00:00:00 2001
|
|
||||||
From: David Seifert <soap@gentoo.org>
|
|
||||||
Date: Sat, 12 Jun 2021 22:15:12 +0200
|
|
||||||
Subject: `AC_CANONICAL_TARGET` -> `AC_CANONICAL_HOST`
|
|
||||||
|
|
||||||
* `AC_CANONICAL_TARGET` is the type of system for which code
|
|
||||||
will be produced, not on which it will run. This is a common
|
|
||||||
confusion with Autoconf's target triplet.
|
|
||||||
|
|
||||||
Signed-off-by: Vladis Dronov <vdronov@redhat.com>
|
|
||||||
---
|
|
||||||
configure.ac | 15 ++++++++-------
|
|
||||||
1 file changed, 8 insertions(+), 7 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/configure.ac b/configure.ac
|
|
||||||
index 1cb7fd7..0fe06fc 100644
|
|
||||||
--- a/configure.ac
|
|
||||||
+++ b/configure.ac
|
|
||||||
@@ -20,7 +20,8 @@ dnl Foundation, Inc., 51 Franklin Street, Suite 500, Boston, MA 02110-1335 USA
|
|
||||||
AC_INIT(rng-tools, 6.13, [Neil Horman <nhorman@tuxdriver.com>])
|
|
||||||
AC_PREREQ(2.52)
|
|
||||||
AC_CONFIG_SRCDIR([rngd.c])
|
|
||||||
-AC_CANONICAL_TARGET
|
|
||||||
+AC_CANONICAL_HOST
|
|
||||||
+AC_CANONICAL_TARGET dnl required for broken AX_PTHREAD
|
|
||||||
AM_INIT_AUTOMAKE([foreign])
|
|
||||||
AC_CONFIG_HEADERS([rng-tools-config.h])
|
|
||||||
AC_CONFIG_MACRO_DIRS([m4])
|
|
||||||
@@ -67,14 +68,14 @@ AC_PROG_GCC_TRADITIONAL
|
|
||||||
|
|
||||||
AX_PTHREAD
|
|
||||||
|
|
||||||
-AM_CONDITIONAL([RDRAND], [test $target_cpu = x86_64 -o $target_cpu = i686])
|
|
||||||
-AS_IF([test $target_cpu = x86_64 -o $target_cpu = i686], [AC_DEFINE([HAVE_RDRAND],1,[Enable RDRAND])],[])
|
|
||||||
+AM_CONDITIONAL([RDRAND], [test $host_cpu = x86_64 || $host_cpu = i686])
|
|
||||||
+AS_IF([test $host_cpu = x86_64 || $host_cpu = i686], [AC_DEFINE([HAVE_RDRAND],1,[Enable RDRAND])],[])
|
|
||||||
|
|
||||||
-AM_CONDITIONAL([DARN], [test $target_cpu = powerpc64le])
|
|
||||||
-AS_IF([test $target_cpu = powerpc64le], [AC_DEFINE([HAVE_DARN],1,[Enable DARN])],[])
|
|
||||||
+AM_CONDITIONAL([DARN], [test $host_cpu = powerpc64le])
|
|
||||||
+AS_IF([test $host_cpu = powerpc64le], [AC_DEFINE([HAVE_DARN],1,[Enable DARN])],[])
|
|
||||||
|
|
||||||
-AM_CONDITIONAL([RNDR], [test $target_cpu = aarch64])
|
|
||||||
-AS_IF([test $target_cpu = aarch64], [AC_DEFINE([HAVE_RNDR],1,[Enable RNDR])],[])
|
|
||||||
+AM_CONDITIONAL([RNDR], [test $host_cpu = aarch64])
|
|
||||||
+AS_IF([test $host_cpu = aarch64], [AC_DEFINE([HAVE_RNDR],1,[Enable RNDR])],[])
|
|
||||||
AM_CONDITIONAL([JITTER], [false])
|
|
||||||
|
|
||||||
AC_ARG_ENABLE(jitterentropy,
|
|
||||||
--
|
|
||||||
2.26.3
|
|
||||||
|
|
@ -1,69 +0,0 @@
|
|||||||
From 73e81dc78ddb6f1bc0d8750c1a9e19e6cc123d48 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Vladis Dronov <vdronov@redhat.com>
|
|
||||||
Date: Sat, 12 Jun 2021 09:16:25 +0200
|
|
||||||
Subject: Fix logic in ossl_aes_random_key()
|
|
||||||
|
|
||||||
- Using sizeof is correct for arr[], but is not correct for *ptr. read() here
|
|
||||||
makes a 8-bytes read (on 64-bit arch). It should read AES_BLOCK bytes instead,
|
|
||||||
as callers of ossl_aes_random_key() imply.
|
|
||||||
|
|
||||||
Covscan emits the following warning:
|
|
||||||
|
|
||||||
Error: SIZEOF_MISMATCH (CWE-398): [#def1]
|
|
||||||
rng-tools-6.12/ossl_helpers.c:51: suspicious_sizeof: Passing argument "key" of
|
|
||||||
type "unsigned char *" and argument "8UL /* sizeof (key) */" to function "read"
|
|
||||||
is suspicious.
|
|
||||||
51|-> int r = read(fd, key, sizeof key);
|
|
||||||
|
|
||||||
- According to the following warning, mark r as not used explicitly:
|
|
||||||
|
|
||||||
Error: CLANG_WARNING: [#def2]
|
|
||||||
rng-tools-6.12/ossl_helpers.c:51:7: warning[deadcode.DeadStores]: Value stored
|
|
||||||
to 'r' during its initialization is never read
|
|
||||||
51|-> int r = read(fd, key, sizeof key);
|
|
||||||
|
|
||||||
- Add volatile to stack_junk to avoid possible compiler optimization. This does
|
|
||||||
not silence "Uninitialized variable: stack_junk" covscan warning.
|
|
||||||
|
|
||||||
- Remove a check for pepper == NULL where it is not needed.
|
|
||||||
|
|
||||||
Signed-off-by: Vladis Dronov <vdronov@redhat.com>
|
|
||||||
---
|
|
||||||
ossl_helpers.c | 9 +++++----
|
|
||||||
1 file changed, 5 insertions(+), 4 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/ossl_helpers.c b/ossl_helpers.c
|
|
||||||
index c3c1fbb..9569b74 100644
|
|
||||||
--- a/ossl_helpers.c
|
|
||||||
+++ b/ossl_helpers.c
|
|
||||||
@@ -42,22 +42,23 @@ void ossl_aes_random_key(unsigned char *key, const unsigned char *pepper)
|
|
||||||
0x00,0x10,0x20,0x30,0x40,0x50,0x60,0x70,
|
|
||||||
0x80,0x90,0xa0,0xb0,0xc0,0xd0,0xe0,0xf0
|
|
||||||
}; /* AES data reduction key */
|
|
||||||
- unsigned char stack_junk[AES_BLOCK];
|
|
||||||
+ volatile unsigned char stack_junk[AES_BLOCK];
|
|
||||||
int fd, i;
|
|
||||||
|
|
||||||
/* Try getting some randomness from the kernel */
|
|
||||||
fd = open("/dev/urandom", O_RDONLY);
|
|
||||||
if (fd >= 0) {
|
|
||||||
- int r = read(fd, key, sizeof key);
|
|
||||||
+ int r __attribute__((unused));
|
|
||||||
+ r = read(fd, key, AES_BLOCK);
|
|
||||||
close(fd);
|
|
||||||
}
|
|
||||||
|
|
||||||
/* Mix in our default key */
|
|
||||||
- for (i = 0; i < AES_BLOCK && pepper; i++)
|
|
||||||
+ for (i = 0; i < AES_BLOCK; i++)
|
|
||||||
key[i] ^= default_key[i];
|
|
||||||
|
|
||||||
/* Mix in stack junk */
|
|
||||||
- for (i = 0; i < AES_BLOCK && pepper; i++)
|
|
||||||
+ for (i = 0; i < AES_BLOCK; i++)
|
|
||||||
key[i] ^= stack_junk[i];
|
|
||||||
|
|
||||||
/* Spice it up if we can */
|
|
||||||
--
|
|
||||||
2.26.3
|
|
||||||
|
|
@ -1,44 +0,0 @@
|
|||||||
From 8659477ea65b1617332efee6da4c533137870577 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Vladis Dronov <vdronov@redhat.com>
|
|
||||||
Date: Sat, 12 Jun 2021 09:00:42 +0200
|
|
||||||
Subject: Fix a read() returning zero case in init_entropy_source()
|
|
||||||
|
|
||||||
Covscan warns about this with:
|
|
||||||
|
|
||||||
Error: CHECKED_RETURN (CWE-252): [#def3]
|
|
||||||
rng-tools-6.12/rngd_entsource.c:185: check_return: "read(int, void *,
|
|
||||||
size_t)" returns the number of bytes read, but it is ignored.
|
|
||||||
185|-> if (read(rngavail_fd, buf, sizeof(buf)) < 0) {
|
|
||||||
|
|
||||||
Add a check for a zero return. While this should not happen, lets just
|
|
||||||
handle the case, also to silence covscan.
|
|
||||||
|
|
||||||
Signed-off-by: Vladis Dronov <vdronov@redhat.com>
|
|
||||||
---
|
|
||||||
rngd_entsource.c | 5 +++--
|
|
||||||
1 file changed, 3 insertions(+), 2 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/rngd_entsource.c b/rngd_entsource.c
|
|
||||||
index f54ee40..e5b7d43 100644
|
|
||||||
--- a/rngd_entsource.c
|
|
||||||
+++ b/rngd_entsource.c
|
|
||||||
@@ -182,13 +182,14 @@ int init_entropy_source(struct rng *ent_src)
|
|
||||||
return 1;
|
|
||||||
}
|
|
||||||
|
|
||||||
- if (read(rngavail_fd, buf, sizeof(buf)) < 0) {
|
|
||||||
+ int ret = read(rngavail_fd, buf, sizeof(buf));
|
|
||||||
+ if (ret < 0) {
|
|
||||||
message_entsrc(ent_src,LOG_DAEMON|LOG_DEBUG, "Error reading sysfs file: %s\n", RNG_AVAIL);
|
|
||||||
close(rngavail_fd);
|
|
||||||
return 1;
|
|
||||||
}
|
|
||||||
|
|
||||||
- if (strncmp(buf, "\n", 1) == 0) {
|
|
||||||
+ if (ret == 0 || strncmp(buf, "\n", 1) == 0) {
|
|
||||||
message_entsrc(ent_src,LOG_DAEMON|LOG_DEBUG, "No available rng device\n");
|
|
||||||
close(rngavail_fd);
|
|
||||||
return 1;
|
|
||||||
--
|
|
||||||
2.26.3
|
|
||||||
|
|
@ -1,78 +0,0 @@
|
|||||||
From e4a94ad5d4ea8e5663f1e5d71669317b16105945 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Vladis Dronov <vdronov@redhat.com>
|
|
||||||
Date: Sat, 12 Jun 2021 13:11:19 +0200
|
|
||||||
Subject: Fix minor possibilities of using a NULL pointer
|
|
||||||
|
|
||||||
Fix the following covscan warnings by performing a check for a NULL:
|
|
||||||
|
|
||||||
1) Add a check for NULL to message_entsrc macro:
|
|
||||||
|
|
||||||
Error: GCC_ANALYZER_WARNING (CWE-688):
|
|
||||||
rng-tools-6.12/rngd_rdrand.c: scope_hint: In function 'init_drng_entropy_source'
|
|
||||||
rng-tools-6.12/rngd.h:186:9: warning[-Wanalyzer-possible-null-argument]: use of
|
|
||||||
possibly-NULL '____buf' where non-null expected
|
|
||||||
/usr/include/stdio.h:334:12: note: argument 1 of 'sprintf' must be non-null
|
|
||||||
184| size_t ____neededmsg = snprintf(NULL, 0, fmt, ##args) + 1; \
|
|
||||||
185| char *____buf = malloc(____neededpfx + ____neededmsg); \
|
|
||||||
186|-> sprintf(____buf, "[%-6s]: " fmt, src->rng_sname, ##args); \
|
|
||||||
|
|
||||||
2) Move memset() in xread_tpm() to a proper place:
|
|
||||||
|
|
||||||
Error: NULL_RETURNS (CWE-476): [#def3]
|
|
||||||
rng-tools-6.12/rngd_entsource.c:96: returned_null: "malloc" returns "NULL"
|
|
||||||
(checked 89 out of 95 times).
|
|
||||||
rng-tools-6.12/rngd_entsource.c:96: var_assigned: Assigning: "temp_buf" =
|
|
||||||
"NULL" return value from "malloc".
|
|
||||||
rng-tools-6.12/rngd_entsource.c:97: dereference: Dereferencing a pointer
|
|
||||||
that might be "NULL" "temp_buf" when calling "memset".
|
|
||||||
96| temp_buf = (unsigned char *) malloc(size + TPM_GET_RNG_OVERHEAD);
|
|
||||||
97|-> memset(temp_buf, 0, (size+TPM_GET_RNG_OVERHEAD));
|
|
||||||
98| if (temp_buf == NULL) {
|
|
||||||
|
|
||||||
Signed-off-by: Vladis Dronov <vdronov@redhat.com>
|
|
||||||
---
|
|
||||||
rngd.h | 8 +++++---
|
|
||||||
rngd_entsource.c | 3 ++-
|
|
||||||
2 files changed, 7 insertions(+), 4 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/rngd.h b/rngd.h
|
|
||||||
index 6208b95..7d65f3c 100644
|
|
||||||
--- a/rngd.h
|
|
||||||
+++ b/rngd.h
|
|
||||||
@@ -184,9 +184,11 @@ extern bool quiet;
|
|
||||||
size_t ____neededpfx = snprintf(NULL, 0, "[%-6s]: ", src->rng_sname); \
|
|
||||||
size_t ____neededmsg = snprintf(NULL, 0, fmt, ##args) + 1; \
|
|
||||||
char *____buf = malloc(____neededpfx + ____neededmsg); \
|
|
||||||
- sprintf(____buf, "[%-6s]: " fmt, src->rng_sname, ##args); \
|
|
||||||
- message(priority, "%s", ____buf); \
|
|
||||||
- free(____buf); \
|
|
||||||
+ if (____buf) { \
|
|
||||||
+ sprintf(____buf, "[%-6s]: " fmt, src->rng_sname, ##args); \
|
|
||||||
+ message(priority, "%s", ____buf); \
|
|
||||||
+ free(____buf); \
|
|
||||||
+ } \
|
|
||||||
} while (0)
|
|
||||||
|
|
||||||
extern bool do_reseed;
|
|
||||||
diff --git a/rngd_entsource.c b/rngd_entsource.c
|
|
||||||
index e5b7d43..b7ebd15 100644
|
|
||||||
--- a/rngd_entsource.c
|
|
||||||
+++ b/rngd_entsource.c
|
|
||||||
@@ -94,12 +94,13 @@ int xread_tpm(void *buf, size_t size, struct rng *ent_src)
|
|
||||||
}
|
|
||||||
|
|
||||||
temp_buf = (unsigned char *) malloc(size + TPM_GET_RNG_OVERHEAD);
|
|
||||||
- memset(temp_buf, 0, (size+TPM_GET_RNG_OVERHEAD));
|
|
||||||
if (temp_buf == NULL) {
|
|
||||||
message_entsrc(ent_src,LOG_ERR|LOG_INFO,"No memory for TPM buffer\n");
|
|
||||||
close(ent_src->rng_fd);
|
|
||||||
return -1;
|
|
||||||
}
|
|
||||||
+ memset(temp_buf, 0, (size+TPM_GET_RNG_OVERHEAD));
|
|
||||||
+
|
|
||||||
/* 32 bits has been reserved for random byte size */
|
|
||||||
rng_cmd[13] = (unsigned char)(size & 0xFF);
|
|
||||||
rng_cmd[12] = (unsigned char)((size >> 8) & 0xFF);
|
|
||||||
--
|
|
||||||
2.26.3
|
|
||||||
|
|
@ -1,185 +0,0 @@
|
|||||||
From 2d244c6b5aea8f1a8e70307540d9d95b8111a242 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Vladis Dronov <vdronov@redhat.com>
|
|
||||||
Date: Mon, 14 Jun 2021 14:04:27 +0200
|
|
||||||
Subject: Small bug and warning fixes per covscan report
|
|
||||||
|
|
||||||
- Fix a strncpy() bug.
|
|
||||||
|
|
||||||
- Remove unused variables.
|
|
||||||
|
|
||||||
- A small formatting fix.
|
|
||||||
|
|
||||||
- Fix signedness warnings.
|
|
||||||
|
|
||||||
- Add parenthesis to definitions of CHUNK_SIZE.
|
|
||||||
|
|
||||||
- Adjust default_watermark() so wm is set to a default value in all cases.
|
|
||||||
Also add logging the same way it was done in init_kernel_rng().
|
|
||||||
|
|
||||||
Signed-off-by: Vladis Dronov <vdronov@redhat.com>
|
|
||||||
---
|
|
||||||
rngd_darn.c | 4 ++--
|
|
||||||
rngd_jitter.c | 3 +--
|
|
||||||
rngd_linux.c | 31 ++++++++++++++++++++++---------
|
|
||||||
rngd_rdrand.c | 2 --
|
|
||||||
rngd_rndr.c | 2 +-
|
|
||||||
rngd_rtlsdr.c | 6 +++---
|
|
||||||
stats.c | 2 +-
|
|
||||||
7 files changed, 30 insertions(+), 20 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/rngd_darn.c b/rngd_darn.c
|
|
||||||
index bc8edec..5254195 100644
|
|
||||||
--- a/rngd_darn.c
|
|
||||||
+++ b/rngd_darn.c
|
|
||||||
@@ -46,9 +46,9 @@ static uint64_t get_darn();
|
|
||||||
static int refill_rand(struct rng *ent_src, bool allow_reinit);
|
|
||||||
static size_t copy_avail_rand_to_buf(unsigned char *buf, size_t size, size_t copied);
|
|
||||||
|
|
||||||
-#define CHUNK_SIZE AES_BLOCK * 8
|
|
||||||
+#define CHUNK_SIZE (AES_BLOCK*8)
|
|
||||||
#define RDRAND_ROUNDS 512 /* 512:1 data reduction */
|
|
||||||
-#define THRESH_BITS 14
|
|
||||||
+#define THRESH_BITS 14
|
|
||||||
|
|
||||||
/* ossl AES context */
|
|
||||||
static struct ossl_aes_ctx *ossl_ctx;
|
|
||||||
diff --git a/rngd_jitter.c b/rngd_jitter.c
|
|
||||||
index b68c791..7403c02 100644
|
|
||||||
--- a/rngd_jitter.c
|
|
||||||
+++ b/rngd_jitter.c
|
|
||||||
@@ -128,7 +128,7 @@ int pipefds[2];
|
|
||||||
|
|
||||||
unsigned char *aes_buf;
|
|
||||||
|
|
||||||
-static char key[AES_BLOCK];
|
|
||||||
+static unsigned char key[AES_BLOCK];
|
|
||||||
static unsigned char iv_buf[CHUNK_SIZE] __attribute__((aligned(128)));
|
|
||||||
static struct ossl_aes_ctx *ossl_ctx;
|
|
||||||
|
|
||||||
@@ -322,7 +322,6 @@ int validate_jitter_options(struct rng *ent_src)
|
|
||||||
int delay = ent_src->rng_options[JITTER_OPT_RETRY_DELAY].int_val;
|
|
||||||
int rcount = ent_src->rng_options[JITTER_OPT_RETRY_COUNT].int_val;
|
|
||||||
int soft_timer = ent_src->rng_options[JITTER_OPT_FORCE_INT_TIMER].int_val;
|
|
||||||
- int num_threads = ent_src->rng_options[JITTER_OPT_THREADS].int_val;
|
|
||||||
|
|
||||||
/* Need at least one thread to do this work */
|
|
||||||
if (!threads) {
|
|
||||||
diff --git a/rngd_linux.c b/rngd_linux.c
|
|
||||||
index cf4fcdf..c52c62d 100644
|
|
||||||
--- a/rngd_linux.c
|
|
||||||
+++ b/rngd_linux.c
|
|
||||||
@@ -56,22 +56,35 @@ extern int kent_pool_size;
|
|
||||||
/*
|
|
||||||
* Get the default watermark
|
|
||||||
*/
|
|
||||||
+
|
|
||||||
+#define DEFAULT_WATERMARK_GUESS 4096
|
|
||||||
+
|
|
||||||
int default_watermark(void)
|
|
||||||
{
|
|
||||||
FILE *f;
|
|
||||||
- unsigned int wm; /* Default guess */
|
|
||||||
+ unsigned int wm;
|
|
||||||
|
|
||||||
f = fopen("/proc/sys/kernel/random/poolsize", "r");
|
|
||||||
- if (!f)
|
|
||||||
+ if (!f) {
|
|
||||||
+ wm = DEFAULT_WATERMARK_GUESS;
|
|
||||||
+ message(LOG_DAEMON|LOG_ERR, "can't open /proc/sys/kernel/random/poolsize: %s",
|
|
||||||
+ strerror(errno));
|
|
||||||
goto err;
|
|
||||||
- /*
|
|
||||||
- * Default to 4096 if fscanf fails
|
|
||||||
- */
|
|
||||||
- if(fscanf(f,"%u", &wm) < 1)
|
|
||||||
- wm = 4096;
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
+ /* Use DEFAULT_WATERMARK_GUESS if fscanf fails */
|
|
||||||
+ if(fscanf(f,"%u", &wm) < 1) {
|
|
||||||
+ wm = DEFAULT_WATERMARK_GUESS;
|
|
||||||
+ message(LOG_DAEMON|LOG_ERR, "can't read /proc/sys/kernel/random/poolsize: %s",
|
|
||||||
+ strerror(errno));
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
+err:
|
|
||||||
kent_pool_size = wm;
|
|
||||||
wm = wm*3/4;
|
|
||||||
-err:
|
|
||||||
+ message(LOG_DAEMON|LOG_ERR, "kernel entropy pool size: %d pool watermark: %d",
|
|
||||||
+ kent_pool_size, wm);
|
|
||||||
+
|
|
||||||
if (f)
|
|
||||||
fclose(f);
|
|
||||||
return wm;
|
|
||||||
@@ -153,7 +166,7 @@ int random_add_entropy(void *buf, size_t size)
|
|
||||||
} else
|
|
||||||
write(random_fd, buf, size);
|
|
||||||
|
|
||||||
- return ent->ent_count;
|
|
||||||
+ return ent->ent_count;
|
|
||||||
|
|
||||||
}
|
|
||||||
|
|
||||||
diff --git a/rngd_rdrand.c b/rngd_rdrand.c
|
|
||||||
index cba27a9..caa9d05 100644
|
|
||||||
--- a/rngd_rdrand.c
|
|
||||||
+++ b/rngd_rdrand.c
|
|
||||||
@@ -243,8 +243,6 @@ int init_drng_entropy_source(struct rng *ent_src)
|
|
||||||
const uint32_t features_ebx7_rdseed = 1 << 18;
|
|
||||||
uint32_t max_cpuid_leaf;
|
|
||||||
unsigned char xkey[AES_BLOCK]; /* Material to XOR into the key */
|
|
||||||
- int fd;
|
|
||||||
- int i;
|
|
||||||
|
|
||||||
if (!x86_has_cpuid())
|
|
||||||
return 1; /* No CPUID instruction */
|
|
||||||
diff --git a/rngd_rndr.c b/rngd_rndr.c
|
|
||||||
index 176ce90..79bf2ce 100644
|
|
||||||
--- a/rngd_rndr.c
|
|
||||||
+++ b/rngd_rndr.c
|
|
||||||
@@ -47,7 +47,7 @@ static struct ossl_aes_ctx *ossl_ctx;
|
|
||||||
static unsigned char key[AES_BLOCK];
|
|
||||||
static unsigned char iv_buf[AES_BLOCK];
|
|
||||||
|
|
||||||
-#define CHUNK_SIZE AES_BLOCK * 8
|
|
||||||
+#define CHUNK_SIZE (AES_BLOCK*8)
|
|
||||||
static unsigned char aes_buf[CHUNK_SIZE];
|
|
||||||
static size_t aes_buf_pos;
|
|
||||||
#define REKEY_BITS 8
|
|
||||||
diff --git a/rngd_rtlsdr.c b/rngd_rtlsdr.c
|
|
||||||
index 949c8b0..5371905 100644
|
|
||||||
--- a/rngd_rtlsdr.c
|
|
||||||
+++ b/rngd_rtlsdr.c
|
|
||||||
@@ -21,12 +21,12 @@
|
|
||||||
#include "rngd.h"
|
|
||||||
#include "ossl_helpers.h"
|
|
||||||
|
|
||||||
-#define RAW_BUF_SZ 4096
|
|
||||||
+#define RAW_BUF_SZ 4096
|
|
||||||
|
|
||||||
-#define CHUNK_SIZE (AES_BLOCK*8) /* 8 parallel streams */
|
|
||||||
+#define CHUNK_SIZE (AES_BLOCK*8) /* 8 parallel streams */
|
|
||||||
|
|
||||||
static rtlsdr_dev_t *radio = NULL;
|
|
||||||
-static char raw_buffera[RAW_BUF_SZ];
|
|
||||||
+static unsigned char raw_buffera[RAW_BUF_SZ];
|
|
||||||
static int freq_min;
|
|
||||||
static int freq_max;
|
|
||||||
static int sample_min;
|
|
||||||
diff --git a/stats.c b/stats.c
|
|
||||||
index 5c4036a..a172a35 100644
|
|
||||||
--- a/stats.c
|
|
||||||
+++ b/stats.c
|
|
||||||
@@ -65,7 +65,7 @@ static void scale_mult_unit(char *unit, int unitsize,
|
|
||||||
if (mult)
|
|
||||||
snprintf(unit, unitsize, "%ci%s", multchar[mult-1], baseunit);
|
|
||||||
else
|
|
||||||
- strncpy(unit, baseunit, unitsize);
|
|
||||||
+ strncpy(unit, baseunit, unitsize-1);
|
|
||||||
}
|
|
||||||
|
|
||||||
/* Computes elapsed time in microseconds */
|
|
||||||
--
|
|
||||||
2.26.3
|
|
||||||
|
|
@ -1,54 +0,0 @@
|
|||||||
From 05505f04b9146e3f1225c182d3fdfc2fb51a633f Mon Sep 17 00:00:00 2001
|
|
||||||
From: Vladis Dronov <vdronov@redhat.com>
|
|
||||||
Date: Sat, 12 Jun 2021 09:35:21 +0200
|
|
||||||
Subject: Fix a minor memory leak in rngd_jitter.c
|
|
||||||
|
|
||||||
While a leak is short-lived until a process memory is freed, fix it anyway.
|
|
||||||
|
|
||||||
Error: GCC_ANALYZER_WARNING (CWE-401):
|
|
||||||
rng-tools-6.12/rngd_jitter.c:396:66: warning[-Wanalyzer-malloc-leak]:
|
|
||||||
leak of 'aes_buf'
|
|
||||||
rng-tools-6.12/rngd_jitter.c:35: included_from: Included from here.
|
|
||||||
rng-tools-6.12/rngd_jitter.c:394:17: note: in expansion of macro 'message_entsrc'
|
|
||||||
|
|
||||||
Error: GCC_ANALYZER_WARNING (CWE-401): [#def4]
|
|
||||||
rng-tools-6.12/rngd_jitter.c: scope_hint: In function 'init_jitter_entropy_source'
|
|
||||||
rng-tools-6.12/rngd_jitter.c:396:66: warning[-Wanalyzer-malloc-leak]: leak of 'aes_buf'
|
|
||||||
rng-tools-6.12/rngd_jitter.c:394:17: note: in expansion of macro 'message_entsrc'
|
|
||||||
394| message_entsrc(ent_src,LOG_CONS|LOG_INFO, "Initializing AES buffer\n");
|
|
||||||
395| aes_buf = malloc(tdata[0].buf_sz);
|
|
||||||
396|-> ent_src->rng_options[JITTER_OPT_USE_AES].int_val = 0;
|
|
||||||
397| if (xread_jitter(key, AES_BLOCK, ent_src)) {
|
|
||||||
|
|
||||||
Signed-off-by: Vladis Dronov <vdronov@redhat.com>
|
|
||||||
---
|
|
||||||
rngd_jitter.c | 4 ++--
|
|
||||||
1 file changed, 2 insertions(+), 2 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/rngd_jitter.c b/rngd_jitter.c
|
|
||||||
index 7403c02..ea29436 100644
|
|
||||||
--- a/rngd_jitter.c
|
|
||||||
+++ b/rngd_jitter.c
|
|
||||||
@@ -126,7 +126,7 @@ static struct thread_data *tdata;
|
|
||||||
static pthread_t *threads;
|
|
||||||
int pipefds[2];
|
|
||||||
|
|
||||||
-unsigned char *aes_buf;
|
|
||||||
+unsigned char *aes_buf = NULL;
|
|
||||||
|
|
||||||
static unsigned char key[AES_BLOCK];
|
|
||||||
static unsigned char iv_buf[CHUNK_SIZE] __attribute__((aligned(128)));
|
|
||||||
@@ -533,9 +533,9 @@ void close_jitter_entropy_source(struct rng *ent_src)
|
|
||||||
close(pipefds[0]);
|
|
||||||
free(tdata);
|
|
||||||
free(threads);
|
|
||||||
+ free(aes_buf);
|
|
||||||
if (ossl_ctx) {
|
|
||||||
ossl_aes_exit(ossl_ctx);
|
|
||||||
ossl_ctx = NULL;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
-
|
|
||||||
--
|
|
||||||
2.26.3
|
|
||||||
|
|
@ -1,233 +0,0 @@
|
|||||||
From c87d4f8616c42a921cec37e8758e71f5651c727f Mon Sep 17 00:00:00 2001
|
|
||||||
From: Vladis Dronov <vdronov@redhat.com>
|
|
||||||
Date: Mon, 14 Jun 2021 14:37:28 +0200
|
|
||||||
Subject: Brush up rngd_nistbeacon.c
|
|
||||||
|
|
||||||
1) Fix a possile NULL dereference in get_nist_record() and update_active_cert().
|
|
||||||
It may happen in an unlikely case when curl_easy_setopt(CURLOPT_WRITEFUNCTION)
|
|
||||||
fails but curl_easy_perform() succeeds.
|
|
||||||
|
|
||||||
Also adjust error handling and logging. This way a libcurl instance is properly
|
|
||||||
cleaned up in all cases.
|
|
||||||
|
|
||||||
This fixes code for the following warnings. NULL pointer warning still stays,
|
|
||||||
as covscan does not recognize parse_nist_json_block() as a callback.
|
|
||||||
|
|
||||||
Error: CHECKED_RETURN (CWE-252): [#def13]
|
|
||||||
rng-tools-6.12/rngd_nistbeacon.c:582: check_return: Calling "curl_easy_setopt(curl,
|
|
||||||
_curl_opt, certurl)" without checking return value. This library function may fail
|
|
||||||
and return an error code.
|
|
||||||
581| certurl = strcat(certurl, block.certificateIdString);
|
|
||||||
582|-> curl_easy_setopt(curl, CURLOPT_URL, certurl);
|
|
||||||
|
|
||||||
Error: CLANG_WARNING: [#def19]
|
|
||||||
rng-tools-6.12/rngd_nistbeacon.c:622:32: warning[core.NonNullParamChecker]: Null
|
|
||||||
pointer passed to 1st parameter expecting 'nonnull'
|
|
||||||
622|-> activeCertId = strndup(block.certificateId, be32toh(block.certificateIdLen));
|
|
||||||
|
|
||||||
2) Remove unused variables from parse_nist_json_block().
|
|
||||||
|
|
||||||
3) Fix a signedness warning for nist_rand_buf and block.signatureValue.
|
|
||||||
|
|
||||||
Signed-off-by: Vladis Dronov <vdronov@redhat.com>
|
|
||||||
---
|
|
||||||
rngd_nistbeacon.c | 109 +++++++++++++++++++++++++++++++---------------
|
|
||||||
1 file changed, 74 insertions(+), 35 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/rngd_nistbeacon.c b/rngd_nistbeacon.c
|
|
||||||
index 5d51d44..51e3458 100644
|
|
||||||
--- a/rngd_nistbeacon.c
|
|
||||||
+++ b/rngd_nistbeacon.c
|
|
||||||
@@ -74,7 +74,7 @@ static int get_nist_record(struct rng *ent_src);
|
|
||||||
|
|
||||||
static size_t nist_buf_avail = 0;
|
|
||||||
static size_t nist_buf_ptr = 0;
|
|
||||||
-static char nist_rand_buf[NIST_BUF_SIZE];
|
|
||||||
+static unsigned char nist_rand_buf[NIST_BUF_SIZE];
|
|
||||||
static char errbuf[120];
|
|
||||||
int cfp;
|
|
||||||
|
|
||||||
@@ -275,23 +275,18 @@ static void get_json_byte_array(json_t *parent, char *key, char **val, uint32_t
|
|
||||||
}
|
|
||||||
|
|
||||||
/*
|
|
||||||
- * Note, I'm making the assumption that the entire xml block gets returned
|
|
||||||
+ * Note, I'm making the assumption that the entire xml block gets returned
|
|
||||||
* in a single call here, which I should fix
|
|
||||||
*/
|
|
||||||
static size_t parse_nist_json_block(char *ptr, size_t size, size_t nemb, void *userdata)
|
|
||||||
{
|
|
||||||
size_t idx;
|
|
||||||
json_t *jidx;
|
|
||||||
- xmlTextReaderPtr reader;
|
|
||||||
- int ret = 1;
|
|
||||||
- const char *name;
|
|
||||||
- size_t realsize = size * nemb;
|
|
||||||
- char *xml = (char *)ptr;
|
|
||||||
- json_t *json, *pulse, *values, *obj;
|
|
||||||
+ size_t realsize = size * nemb;
|
|
||||||
+ json_t *json, *pulse, *obj;
|
|
||||||
json_error_t jsonerror;
|
|
||||||
struct rng *ent_src = userdata;
|
|
||||||
|
|
||||||
-
|
|
||||||
json = json_loads(ptr, size, &jsonerror);
|
|
||||||
if (!json) {
|
|
||||||
message_entsrc(ent_src,LOG_DAEMON|LOG_ERR, "Unparseable JSON\n");
|
|
||||||
@@ -532,7 +527,8 @@ static int validate_nist_block(struct rng *ent_src)
|
|
||||||
goto out;
|
|
||||||
}
|
|
||||||
|
|
||||||
- if (EVP_VerifyFinal(mdctx, block.signatureValue, be32toh(block.signatureValueLen), pubkey) < 1) {
|
|
||||||
+ if (EVP_VerifyFinal(mdctx, (unsigned char *)block.signatureValue,
|
|
||||||
+ be32toh(block.signatureValueLen), pubkey) < 1) {
|
|
||||||
unsigned long err;
|
|
||||||
message_entsrc(ent_src,LOG_DAEMON| LOG_ERR, "Unable to validate signature on message\n");
|
|
||||||
while( (err = ERR_get_error()) != 0 ) {
|
|
||||||
@@ -566,7 +562,8 @@ static size_t copy_nist_certificate(char *ptr, size_t size, size_t nemb, void *u
|
|
||||||
return size * nemb;
|
|
||||||
}
|
|
||||||
|
|
||||||
-static void update_active_cert() {
|
|
||||||
+static void update_active_cert(struct rng *ent_src)
|
|
||||||
+{
|
|
||||||
CURL *curl;
|
|
||||||
CURLcode res;
|
|
||||||
char *certurl;
|
|
||||||
@@ -574,24 +571,46 @@ static void update_active_cert() {
|
|
||||||
|
|
||||||
free(activeCert);
|
|
||||||
activeCert = NULL;
|
|
||||||
-
|
|
||||||
+
|
|
||||||
curl = curl_easy_init();
|
|
||||||
- if (!curl)
|
|
||||||
+ if (!curl) {
|
|
||||||
+ message_entsrc(ent_src, LOG_DAEMON|LOG_ERR,
|
|
||||||
+ "update_active_cert(): curl_easy_init() failed\n");
|
|
||||||
return;
|
|
||||||
+ }
|
|
||||||
|
|
||||||
certurl = alloca(urlsize);
|
|
||||||
- if (!certurl)
|
|
||||||
- return;
|
|
||||||
+ if (!certurl) {
|
|
||||||
+ message_entsrc(ent_src, LOG_DAEMON|LOG_ERR,
|
|
||||||
+ "update_active_cert(): alloca() failed\n");
|
|
||||||
+ goto out_curl;
|
|
||||||
+ }
|
|
||||||
strcpy(certurl, NIST_CERT_BASE_URL);
|
|
||||||
certurl = strcat(certurl, block.certificateIdString);
|
|
||||||
- curl_easy_setopt(curl, CURLOPT_URL, certurl);
|
|
||||||
- curl_easy_setopt(curl, CURLOPT_WRITEFUNCTION, copy_nist_certificate);
|
|
||||||
+
|
|
||||||
+ res = curl_easy_setopt(curl, CURLOPT_URL, certurl);
|
|
||||||
+ if (res != CURLE_OK) {
|
|
||||||
+ message_entsrc(ent_src, LOG_DAEMON|LOG_ERR,
|
|
||||||
+ "update_active_cert(): curl_easy_setopt(URL) failed: %s\n",
|
|
||||||
+ curl_easy_strerror(res));
|
|
||||||
+ goto out_curl;
|
|
||||||
+ }
|
|
||||||
+ res = curl_easy_setopt(curl, CURLOPT_WRITEFUNCTION, copy_nist_certificate);
|
|
||||||
+ if (res != CURLE_OK) {
|
|
||||||
+ message_entsrc(ent_src, LOG_DAEMON|LOG_ERR,
|
|
||||||
+ "update_active_cert(): curl_easy_setopt(WRITEFUNC) failed: %s\n",
|
|
||||||
+ curl_easy_strerror(res));
|
|
||||||
+ goto out_curl;
|
|
||||||
+ }
|
|
||||||
|
|
||||||
res = curl_easy_perform(curl);
|
|
||||||
- if (res != CURLE_OK) {
|
|
||||||
- fprintf(stderr, "curl_easy_perform() failed in cert update: %s\n",
|
|
||||||
- curl_easy_strerror(res));
|
|
||||||
- }
|
|
||||||
+ if (res != CURLE_OK) {
|
|
||||||
+ message_entsrc(ent_src, LOG_DAEMON|LOG_ERR,
|
|
||||||
+ "update_active_cert(): curl_easy_perform() failed: %s\n",
|
|
||||||
+ curl_easy_strerror(res));
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
+out_curl:
|
|
||||||
curl_easy_cleanup(curl);
|
|
||||||
return;
|
|
||||||
}
|
|
||||||
@@ -603,42 +622,62 @@ static int get_nist_record(struct rng *ent_src)
|
|
||||||
int rc = 1;
|
|
||||||
|
|
||||||
curl = curl_easy_init();
|
|
||||||
-
|
|
||||||
- if (!curl)
|
|
||||||
+ if (!curl) {
|
|
||||||
+ message_entsrc(ent_src, LOG_DAEMON|LOG_ERR,
|
|
||||||
+ "get_nist_record(): curl_easy_init() failed\n");
|
|
||||||
goto out;
|
|
||||||
+ }
|
|
||||||
|
|
||||||
- curl_easy_setopt(curl, CURLOPT_URL, NIST_RECORD_URL);
|
|
||||||
- curl_easy_setopt(curl, CURLOPT_WRITEFUNCTION, parse_nist_json_block);
|
|
||||||
- curl_easy_setopt(curl, CURLOPT_WRITEDATA, ent_src);
|
|
||||||
+ res = curl_easy_setopt(curl, CURLOPT_URL, NIST_RECORD_URL);
|
|
||||||
+ if (res != CURLE_OK) {
|
|
||||||
+ message_entsrc(ent_src, LOG_DAEMON|LOG_ERR,
|
|
||||||
+ "get_nist_record(): curl_easy_setopt(URL) failed: %s\n",
|
|
||||||
+ curl_easy_strerror(res));
|
|
||||||
+ goto out_curl;
|
|
||||||
+ }
|
|
||||||
+ res = curl_easy_setopt(curl, CURLOPT_WRITEFUNCTION, parse_nist_json_block);
|
|
||||||
+ if (res != CURLE_OK) {
|
|
||||||
+ message_entsrc(ent_src, LOG_DAEMON|LOG_ERR,
|
|
||||||
+ "get_nist_record(): curl_easy_setopt(WRITEFUNC) failed: %s\n",
|
|
||||||
+ curl_easy_strerror(res));
|
|
||||||
+ goto out_curl;
|
|
||||||
+ }
|
|
||||||
+ res = curl_easy_setopt(curl, CURLOPT_WRITEDATA, ent_src);
|
|
||||||
+ if (res != CURLE_OK) {
|
|
||||||
+ message_entsrc(ent_src, LOG_DAEMON|LOG_ERR,
|
|
||||||
+ "get_nist_record(): curl_easy_setopt(WRITEDATA) failed: %s\n",
|
|
||||||
+ curl_easy_strerror(res));
|
|
||||||
+ goto out_curl;
|
|
||||||
+ }
|
|
||||||
|
|
||||||
+ /* parse_nist_json_block() runs here as a callback */
|
|
||||||
res = curl_easy_perform(curl);
|
|
||||||
if (res != CURLE_OK) {
|
|
||||||
- fprintf(stderr, "curl_easy_perform() failed: %s\n",
|
|
||||||
+ message_entsrc(ent_src, LOG_DAEMON|LOG_ERR,
|
|
||||||
+ "get_nist_record(): curl_easy_perform() failed: %s\n",
|
|
||||||
curl_easy_strerror(res));
|
|
||||||
- goto out;
|
|
||||||
+ goto out_curl;
|
|
||||||
}
|
|
||||||
|
|
||||||
- curl_easy_cleanup(curl);
|
|
||||||
-
|
|
||||||
lastpulse = block.pulseIndex;
|
|
||||||
|
|
||||||
if (!activeCertId || memcmp(activeCertId, block.certificateId, be32toh(block.certificateIdLen))) {
|
|
||||||
free(activeCertId);
|
|
||||||
activeCertId = strndup(block.certificateId, be32toh(block.certificateIdLen));
|
|
||||||
- update_active_cert();
|
|
||||||
+ update_active_cert(ent_src);
|
|
||||||
}
|
|
||||||
|
|
||||||
if (validate_nist_block(ent_src)) {
|
|
||||||
- message_entsrc(ent_src,LOG_DAEMON|LOG_ERR, "Received block failed validation\n");
|
|
||||||
- goto out;
|
|
||||||
+ message_entsrc(ent_src, LOG_DAEMON|LOG_ERR, "Received block failed validation\n");
|
|
||||||
+ goto out_curl;
|
|
||||||
}
|
|
||||||
|
|
||||||
-
|
|
||||||
rc = 0;
|
|
||||||
|
|
||||||
+out_curl:
|
|
||||||
+ curl_easy_cleanup(curl);
|
|
||||||
out:
|
|
||||||
return rc;
|
|
||||||
-
|
|
||||||
}
|
|
||||||
|
|
||||||
/*
|
|
||||||
--
|
|
||||||
2.26.3
|
|
||||||
|
|
@ -12,10 +12,10 @@
|
|||||||
Summary: Random number generator related utilities
|
Summary: Random number generator related utilities
|
||||||
Name: rng-tools
|
Name: rng-tools
|
||||||
Version: 6.13
|
Version: 6.13
|
||||||
Release: 3%{?dist}
|
Release: 4.git.d207e0b6%{?dist}
|
||||||
License: GPLv2+
|
License: GPLv2+
|
||||||
URL: https://github.com/nhorman/rng-tools
|
URL: https://github.com/nhorman/rng-tools
|
||||||
Source0: https://github.com/nhorman/rng-tools/archive/v%{version}/rng-tools-%{version}.tar.gz
|
Source0: %{url}/archive/v%{version}/%{name}-%{version}.tar.gz
|
||||||
Source1: rngd.service
|
Source1: rngd.service
|
||||||
Source2: rngd-wake-threshold.service
|
Source2: rngd-wake-threshold.service
|
||||||
Source3: 60-hwrng.rules
|
Source3: 60-hwrng.rules
|
||||||
@ -39,15 +39,6 @@ Requires(post): systemd
|
|||||||
Requires(preun): systemd
|
Requires(preun): systemd
|
||||||
Requires(postun): systemd
|
Requires(postun): systemd
|
||||||
|
|
||||||
Patch1: 0001-Use-AM_PROG_AR-over-AC_CHECK_TOOLS.patch
|
|
||||||
Patch2: 0003-AC_CANONICAL_TARGET-AC_CANONICAL_HOST.patch
|
|
||||||
Patch3: 0004-Fix-logic-in-ossl_aes_random_key.patch
|
|
||||||
Patch4: 0005-Fix-a-read-returning-zero-case-in-init_entropy_sourc.patch
|
|
||||||
Patch5: 0006-Fix-minor-possibilities-of-using-a-NULL-pointer.patch
|
|
||||||
Patch6: 0007-Small-bug-and-warning-fixes-per-covscan-report.patch
|
|
||||||
Patch7: 0008-Fix-a-minor-memory-leak-in-rngd_jitter.c.patch
|
|
||||||
Patch8: 0009-Brush-up-rngd_nistbeacon.c.patch
|
|
||||||
|
|
||||||
%description
|
%description
|
||||||
Hardware random number generation tools.
|
Hardware random number generation tools.
|
||||||
|
|
||||||
@ -90,7 +81,7 @@ getent passwd rngd >/dev/null || useradd -r -M -d %{_localstatedir}/lib/rngd -s
|
|||||||
%files
|
%files
|
||||||
%{!?_licensedir:%global license %%doc}
|
%{!?_licensedir:%global license %%doc}
|
||||||
%license COPYING
|
%license COPYING
|
||||||
%doc AUTHORS NEWS README
|
%doc AUTHORS README
|
||||||
%{_bindir}/rngtest
|
%{_bindir}/rngtest
|
||||||
%{_sbindir}/rngd
|
%{_sbindir}/rngd
|
||||||
%{_mandir}/man1/rngtest.1.*
|
%{_mandir}/man1/rngtest.1.*
|
||||||
@ -100,6 +91,13 @@ getent passwd rngd >/dev/null || useradd -r -M -d %{_localstatedir}/lib/rngd -s
|
|||||||
%attr(0644,root,root) %{_udevrulesdir}/60-hwrng.rules
|
%attr(0644,root,root) %{_udevrulesdir}/60-hwrng.rules
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Thu Jul 22 2021 Vladis Dronov <vdronov@redhat.com> - 6.13-4.git.d207e0b6
|
||||||
|
- Update to the upstream v6.13 + tip of origin/master + onecpu
|
||||||
|
branch + revert of 2ce93190 (bz 1965318)
|
||||||
|
- Rebuild rng-tools against the latest jitterentropy library
|
||||||
|
3.0.2-2.git.409828cf with fixes for an important issue
|
||||||
|
- Adjust Source0 to a more proper one
|
||||||
|
|
||||||
* Mon Jul 05 2021 Vladis Dronov <vdronov@redhat.com> - 6.13-3
|
* Mon Jul 05 2021 Vladis Dronov <vdronov@redhat.com> - 6.13-3
|
||||||
- Adjust rngd-wake-threshold.service and post section so udevadm
|
- Adjust rngd-wake-threshold.service and post section so udevadm
|
||||||
is not run in a container (bz 1965318)
|
is not run in a container (bz 1965318)
|
||||||
|
2
sources
2
sources
@ -1 +1 @@
|
|||||||
SHA512 (rng-tools-6.13.tar.gz) = def5f2dcdd1771e8fe5af9476de866ff89a225065416672165af6019cbb166f874fae936b3705221aa47dc13ae99fa63d054d7d49b612f3151cd922a0a129490
|
SHA512 (rng-tools-6.13.tar.gz) = e92491073e5af67e5d0ede0349944baaa9fca0e1171e3e311df1b08295d71c15791538497e595c0e9a61e02cffe83d31ae10c00a195826c6f677004208dc7911
|
||||||
|
Loading…
Reference in New Issue
Block a user