diff --git a/huawei-replace-random-with-RAND_priv_bytes.patch b/fix-to-replace-random-with-RAND_priv_bytes.patch similarity index 51% rename from huawei-replace-random-with-RAND_priv_bytes.patch rename to fix-to-replace-random-with-RAND_priv_bytes.patch index 824faed..4e920a6 100644 --- a/huawei-replace-random-with-RAND_priv_bytes.patch +++ b/fix-to-replace-random-with-RAND_priv_bytes.patch @@ -1,14 +1,14 @@ -From 43974c5f3054c152cc424b16684829c19ae8dd6a Mon Sep 17 00:00:00 2001 -From: hwx1054416 -Date: Wed, 25 Aug 2021 17:35:39 +0800 +From ff6cffa3feaaee11b1a9d27a7eada02fbd9890da Mon Sep 17 00:00:00 2001 +From: xingwei +Date: Fri, 27 Aug 2021 17:27:24 +0800 Subject: [PATCH] replace random with RAND_priv_bytes --- - src/yppasswd.c | 15 +++++++++++++-- - 1 file changed, 13 insertions(+), 2 deletions(-) + src/yppasswd.c | 19 ++++++++++++++++--- + 1 file changed, 16 insertions(+), 3 deletions(-) diff --git a/src/yppasswd.c b/src/yppasswd.c -index 04d041b..15b25e3 100644 +index aa7c8a1..ae356ad 100644 --- a/src/yppasswd.c +++ b/src/yppasswd.c @@ -44,6 +44,7 @@ @@ -32,24 +32,34 @@ index 04d041b..15b25e3 100644 for (i = 0; i < num_chars; i++) { -@@ -529,7 +531,16 @@ create_random_salt (char *salt, int num_chars) +@@ -529,7 +531,18 @@ create_random_salt (char *salt, int num_chars) res = read (fd, &c, 1); if (res != 1) - c = random (); + { + while (!RAND_status ()) -+ RAND_seed (&buf, sizeof (buf)); ++ { ++ RAND_seed (&buf, sizeof (buf)); ++ } + if (RAND_priv_bytes (&buf, sizeof (buf)) != 1) + { -+ printf ( _("Failed to generate a number.\n")); -+ break; ++ printf ( _("Failed to generate a random number.\n")); ++ break; + } + c = buf; + } salt[i] = bin_to_ascii (c & 0x3f); } +@@ -571,7 +584,7 @@ main (int argc, char **argv) + { + char *s, *progname, *domainname = NULL, *user = NULL, *master = NULL; + int f_flag = 0, l_flag = 0, p_flag = 0, error, status; +- int hash_id = DES; ++ int hash_id = SHA_512; + char rounds[11] = "\0"; /* max length is '999999999$' */ + struct yppasswd yppwd; + struct passwd *pwd; -- -1.8.3.1 - +2.27.0 diff --git a/yp-tools.spec b/yp-tools.spec index 80d268b..a81d6f0 100644 --- a/yp-tools.spec +++ b/yp-tools.spec @@ -2,7 +2,7 @@ Name: yp-tools Version: 4.2.3 -Release: 8 +Release: 9 Summary: Network Information Service (YP) client utilities License: GPL-2.0-or-later URL: https://github.com/thkukuk/yp-tools @@ -11,11 +11,11 @@ Patch0: yp-tools-2.12-hash.patch Patch1: yp-tools-2.12-crypt.patch Patch2: yp-tools-2.12-adjunct.patch Patch3: yp-tools-4.2.2-strict-prototypes.patch -Patch9000: huawei-replace-random-with-RAND_priv_bytes.patch +Patch4: fix-to-replace-random-with-RAND_priv_bytes.patch BuildRequires: autoconf automake libtool BuildRequires: gettext-devel libtirpc-devel libnsl2-devel openssl-devel -Requires: ypbind >= 3:2.4-2 glibc openssl-libs +Requires: ypbind >= 3:2.4-2 glibc openssl-libs haveged %description This package provides NIS client programs.NIS,Network Information @@ -55,6 +55,12 @@ export CFLAGS="$CFLAGS %{optflags} -Wno-cast-function-type -lcrypto" %{_mandir}/*/* %changelog +* Sun Feb 04 2024 xingwei - 4.2.3-9 +- Type:bugfix +- CVE:NA +- SUG:NA +- DESC:add haveged requires and optimize random number function replacement patch + * Mon Jun 20 2022 liukuo - 4.2.3-8 - License compliance rectification