backport patches from upstream

Signed-off-by: beta <beta@yfqm.date>
(cherry picked from commit 8d81a7257a249449e6bf37a1153d8f506d4baf28)

backport-lib-csrand.c-Fix-the-lower-part-of-the-domain-of-csr.patch

@@ -0,0 +1,79 @@
+From ad0958b816f28e53d9bda4486e969ec3ca63538a Mon Sep 17 00:00:00 2001
+From: Alejandro Colomar <alx@kernel.org>
+Date: Wed, 19 Jun 2024 19:54:16 +0200
+Subject: [PATCH] lib/csrand.c: Fix the lower part of the domain of
+ csrand_uniform()
+
+I accidentally broke this code during an un-optimization.  We need to
+start from a random value of the width of the limit, that is, 32 bits.
+
+Thanks to Jason for pointing to his similar code in the kernel, which
+made me see my mistake.
+
+Fixes: 2a61122b5e8f ("Unoptimize the higher part of the domain of csrand_uniform()")
+Closes: <https://github.com/shadow-maint/shadow/issues/1015>
+Reported-by: Michael Brunnbauer <https://github.com/michaelbrunnbauer>
+Link: <https://git.zx2c4.com/linux-rng/tree/drivers/char/random.c#n535>
+Cc: "Jason A. Donenfeld" <Jason@zx2c4.com>
+Link: <https://github.com/shadow-maint/shadow/pull/638>
+Link: <https://github.com/shadow-maint/shadow/issues/634>
+Link: <https://github.com/shadow-maint/shadow/pull/624>
+Tested-by: Michael Brunnbauer <https://github.com/michaelbrunnbauer>
+Reviewed-by: Michael Brunnbauer <https://github.com/michaelbrunnbauer>
+Signed-off-by: Alejandro Colomar <alx@kernel.org>
+Cherry-picked-from: 4119a2dce564 ("lib/csrand.c: Fix the lower part of the domain of csrand_uniform()")
+Cc: "Serge E. Hallyn" <serge@hallyn.com>
+Link: <https://github.com/shadow-maint/shadow/pull/1025>
+Signed-off-by: Alejandro Colomar <alx@kernel.org>
+
+Conflict: N/A
+Reference: https://github.com/shadow-maint/shadow/commit/ad0958b816f28e53d9bda4486e969ec3ca63538a
+
+---
+ lib/csrand.c | 12 ++++++++++--
+ 1 file changed, 10 insertions(+), 2 deletions(-)
+
+diff --git a/lib/csrand.c b/lib/csrand.c
+index e85eaa8a..16bcccf0 100644
+--- a/lib/csrand.c
++++ b/lib/csrand.c
+@@ -22,6 +22,7 @@
+ #include "shadowlog.h"
+ 
+ 
++static uint32_t csrand32(void);
+ static uint32_t csrand_uniform32(uint32_t n);
+ static unsigned long csrand_uniform_slow(unsigned long n);
+ 
+@@ -96,6 +97,13 @@ csrand_interval(unsigned long min, unsigned long max)
+ }
+ 
+ 
++static uint32_t
++csrand32(void)
++{
++	return csrand();
++}
++
++
+ /*
+  * Fast Random Integer Generation in an Interval
+  * ACM Transactions on Modeling and Computer Simulation 29 (1), 2019
+@@ -108,12 +116,12 @@ csrand_uniform32(uint32_t n)
+ 	uint64_t  r, mult;
+ 
+ 	if (n == 0)
+-		return csrand();
++		return csrand32();
+ 
+ 	bound = -n % n;  // analogous to `2^32 % n`, since `x % y == (x-y) % y`
+ 
+ 	do {
+-		r = csrand();
++		r = csrand32();
+ 		mult = r * n;
+ 		rem = mult;  // analogous to `mult % 2^32`
+ 	} while (rem < bound);  // p = (2^32 % n) / 2^32;  W.C.: n=2^31+1, p=0.5
+-- 
+2.46.0
+

shadow.spec

@@ -1,6 +1,6 @@
 Name: shadow
 Version: 4.14.3
-Release: 4
+Release: 5
 Epoch: 2
 License: BSD and GPLv2+
 Summary: Tools for managing accounts and shadow password files
@@ -22,6 +22,7 @@ Patch2: shadow-Remove-encrypted-passwd-for-useradd-gr.patch
 Patch3: shadow-libsubid-Dealocate-memory-on-exit.patch
 Patch4: backport-lib-idmapping.c--Use-long-constants-in-prctl-2.patch
 Patch5: backport-man-lastlog-remove-wrong-use-of-keyword-term.patch
+Patch6: backport-lib-csrand.c-Fix-the-lower-part-of-the-domain-of-csr.patch
 
 BuildRequires: gcc, libselinux-devel, audit-libs-devel, libsemanage-devel
 BuildRequires: libacl-devel, libattr-devel
@@ -191,6 +192,9 @@ rm -f $RPM_BUILD_ROOT/%{_libdir}/libsubid.{la,a}
 %{_mandir}/*/*
 
 %changelog
+* Mon Dec 16 2024 beta <beta@yfqm.date> - 2:4.14.3-5
+- backport patches from upstream
+
 * Wed Dec 11 2024 beta <beta@yfqm.date> - 2:4.14.3-4
 - chpasswd fix coredump with s parameter