diff --git a/backport-lib-csrand.c-Fix-the-lower-part-of-the-domain-of-csr.patch b/backport-lib-csrand.c-Fix-the-lower-part-of-the-domain-of-csr.patch
new file mode 100644
index 0000000000000000000000000000000000000000..36fc9a3399c86408f03945012ad019d35f8785ef
--- /dev/null
+++ b/backport-lib-csrand.c-Fix-the-lower-part-of-the-domain-of-csr.patch
@@ -0,0 +1,79 @@
+From ad0958b816f28e53d9bda4486e969ec3ca63538a Mon Sep 17 00:00:00 2001
+From: Alejandro Colomar
+Date: Wed, 19 Jun 2024 19:54:16 +0200
+Subject: [PATCH] lib/csrand.c: Fix the lower part of the domain of
+ csrand_uniform()
+
+I accidentally broke this code during an un-optimization. We need to
+start from a random value of the width of the limit, that is, 32 bits.
+
+Thanks to Jason for pointing to his similar code in the kernel, which
+made me see my mistake.
+
+Fixes: 2a61122b5e8f ("Unoptimize the higher part of the domain of csrand_uniform()")
+Closes:
+Reported-by: Michael Brunnbauer
+Link:
+Cc: "Jason A. Donenfeld"
+Link:
+Link:
+Link:
+Tested-by: Michael Brunnbauer
+Reviewed-by: Michael Brunnbauer
+Signed-off-by: Alejandro Colomar
+Cherry-picked-from: 4119a2dce564 ("lib/csrand.c: Fix the lower part of the domain of csrand_uniform()")
+Cc: "Serge E. Hallyn"
+Link:
+Signed-off-by: Alejandro Colomar
+
+Conflict: N/A
+Reference: https://github.com/shadow-maint/shadow/commit/ad0958b816f28e53d9bda4486e969ec3ca63538a
+
+---
+ lib/csrand.c | 12 ++++++++++--
+ 1 file changed, 10 insertions(+), 2 deletions(-)
+
+diff --git a/lib/csrand.c b/lib/csrand.c
+index e85eaa8a..16bcccf0 100644
+--- a/lib/csrand.c
++++ b/lib/csrand.c
+@@ -22,6 +22,7 @@
+ #include "shadowlog.h"
+
+
++static uint32_t csrand32(void);
+ static uint32_t csrand_uniform32(uint32_t n);
+ static unsigned long csrand_uniform_slow(unsigned long n);
+
+@@ -96,6 +97,13 @@ csrand_interval(unsigned long min, unsigned long max)
+ }
+
+
++static uint32_t
++csrand32(void)
++{
++ return csrand();
++}
++
++
+ /*
+ * Fast Random Integer Generation in an Interval
+ * ACM Transactions on Modeling and Computer Simulation 29 (1), 2019
+@@ -108,12 +116,12 @@ csrand_uniform32(uint32_t n)
+ uint64_t r, mult;
+
+ if (n == 0)
+- return csrand();
++ return csrand32();
+
+ bound = -n % n; // analogous to `2^32 % n`, since `x % y == (x-y) % y`
+
+ do {
+- r = csrand();
++ r = csrand32();
+ mult = r * n;
+ rem = 
mult; // analogous to `mult % 2^32` + } while (rem < bound); // p = (2^32 % n) / 2^32; W.C.: n=2^31+1, p=0.5 +-- +2.46.0 + diff --git a/shadow.spec b/shadow.spec index 78f69ded24da2b853aef5eee2d83e72d03aa678b..288e761adc1d38be877c3834b85ab90ff21d2605 100644 --- a/shadow.spec +++ b/shadow.spec @@ -1,6 +1,6 @@ Name: shadow Version: 4.14.3 -Release: 4 +Release: 5 Epoch: 2 License: BSD and GPLv2+ Summary: Tools for managing accounts and shadow password files @@ -28,7 +28,7 @@ Patch7: backport-lib-idmapping.c--Use-long-constants-in-prctl-2.patch Patch8: backport-libsubid-Dealocate-memory-on-exit.patch Patch9: backport-man-lastlog-remove-wrong-use-of-keyword-term.patch Patch10: limit-username-length-to-32.patch - +Patch11: backport-lib-csrand.c-Fix-the-lower-part-of-the-domain-of-csr.patch BuildRequires: gcc, libselinux-devel, audit-libs-devel, libsemanage-devel BuildRequires: libacl-devel, libattr-devel @@ -198,6 +198,9 @@ rm -f $RPM_BUILD_ROOT/%{_libdir}/libsubid.{la,a} %{_mandir}/*/* %changelog +* Fri Feb 7 2025 hugel - 2:4.14.3-5 +- backport patches from upstream + * Fri Jan 17 2025 zhangshaoning - 2:4.14.3-4 - limit username length to 32
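Review bot: The new `csrand32()` in the embedded patch's `@@ -96,6 +97,13 @@` hunk narrows `csrand()` to 32 bits only through the implicit conversion in `return csrand();`, and nothing in the code says that this truncation is the whole fix. The commit message states that the rejection loop must start from a 32-bit value; presumably `csrand()` returns a wider type, so `r * n` could otherwise exceed what `mult` can hold and the result would no longer be uniform (the declaration of `csrand()` is not visible here, so confirm). I would add a comment above the helper, e.g. `/* Deliberately truncates csrand() to 32 bits: csrand_uniform32() needs r < 2^32 so that r * n fits in 64 bits. */`, so that a later cleanup or a `-Wconversion` pass does not undo it. The body of `csrand_uniform32()` starts and ends outside the context shown in the third embedded hunk.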